[Openid-specs-mobile-profile] [Async JWT Profile] draft-oauth-versatile-jwt-profile-04

nicolas.aillery at orange.com
Wed Apr 5 10:03:54 UTC 2017


Hi James,

   Thanks.
   Here is a draft v4,

Regards

Nicolas



From: Manger, James [mailto:James.H.Manger at team.telstra.com]
Sent: Wednesday, 5 April 2017 05:29
To: AILLERY Nicolas IMT/OLPS
Cc: openid-specs-mobile-profile at lists.openid.net; MARAIS Charles IMT/OLPS; CLEMENT Philippe IMT TECHNO; MARIOTTE Hubert IMT/OLN
Subject: RE: [Async JWT Profile] draft-oauth-versatile-jwt-profile-03

§3.3 "Polling Request" says:
  "A Client configured with a "client_notification_endpoint" MUST NOT send a Polling Request."
But this seems unnecessary, and contradicts §2 that says "a given "client_id" can use both mechanisms".
Drop this "MUST NOT" paragraph.
[Nicolas] Ok, fixed

You should be able to move the common parts of §4.3.1 and §4.3.2 into §4.3, instead of repeating them. Particularly that the notification POST MUST be a JSON object, and the presence or absence of an "error" member indicates if it is an error or success response respectively.
[Nicolas] Ok, modified

It might be nice for §1.3.2 "Asynchronous Poll flow" to show one (or more) unsuccessful polling requests, not just the final one that succeeds.
[Nicolas] Ok, added

Add a sentence to §2 "Client registration" (probably), and perhaps even an example metadata value:
  "An OP MUST indicate the asynchronous modes it supports by listing the associated "grant_type" values in the "grant_types_supported" member of the OP's metadata [OpenID.Discovery]"
[Nicolas] Ok, done


--
James Manger

From: nicolas.aillery at orange.com
Sent: Tuesday, 4 April 2017 6:30 PM

Hello James,

   Thanks for the reviews!
   Here are my comments inline, and a draft v3,

Regards,

Nicolas


-------------- next part --------------
A non-text attachment was scrubbed...
Name: draft-oauth-versatile-jwt-profile-04.txt.pdf
Type: application/pdf
Size: 25648 bytes
Desc: draft-oauth-versatile-jwt-profile-04.txt.pdf
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20170405/2dce6642/attachment-0001.pdf>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: draft-oauth-versatile-jwt-profile-04.xml
Type: application/xml
Size: 41775 bytes
Desc: draft-oauth-versatile-jwt-profile-04.xml
URL: <http://lists.openid.net/pipermail/openid-specs-mobile-profile/attachments/20170405/2dce6642/attachment-0001.xml>
