<meta http-equiv="content-type" content="text/html; charset=utf-8">
<body bgcolor="#FFFFFF" text="#000000">
I reviewed the current CIBA specification. Attached are my detailed
The main points I'd like to highlight are the following :<br>
- It would be very useful to get a dedicated chapter detailing
explicitely the Use Cases for which CIBA specification should be
used. We did this in UQ spec and I think it is important to have the
same thing in CIBA in order to be able to identify clearly the
similarities and differences between UQ and CIBA. These chapter
would be useful for RP to choose which spec they need for their Use
- The (re)introduction of the "context" parameter is ambiguous for
me and furthermore with a "required" flag . Why (or in which Use
Case - see previous remark) do you need to introduce this parameter
? Do You have examples in mind as "context" value ?<br>
- There are a lot of references to OAuth 2.0 or OpenID Connect Core
specs but in several context, nothing similar exist in both specs.
For example (but it is just one example), the way to push
notification in case of error is completely new so it seems to be
difficult to refer to OAuth and OpenID Connect specs.<br>
- In my understanding, we agreed in Paris that the
client_notification_endpoint would be preregistered and consequently
not transmitted as a parameter in the first request.<br>
Looking forward to having your comments on these remarks,<br>
<div class="moz-signature">-- <br>
<font face="TIMES"><font size="2">
<img src="cid:part1.D900645E.59D35248@orange.com" <br="">
<b> MARAIS Charles </b><br>
<b> Orange Labs Lannion</b></font><br>
Tel : +33 (0)2 96 07 24 18 <br>
Orange Labs Lannion <br>
2, avenue Pierre Marzin <br>
22307 LANNION Cedex - France
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.