[Openid-specs-risc] RISC Profile

Phil Hunt phil.hunt at oracle.com
Mon Feb 5 19:29:09 UTC 2018


Marius,

Thanks for the draft.

Some questions:

Section 2 - Subject Identifier.

How is the JSON object conveyed in SET?  Is it in the payload identified as an attribute?  Is it the value of “sub” in the top level?

Section 3 - Discovery

There is a lot of metadata that to me is not service-provider-wide - but is stream-specific. For example, signer certificates may be assigned in pairwise or domain-specific fashion. This may be of particular concern to tenancy-based service providers.

Included in the discovery should be some discussion of authentication and authorization.

Should discovery not be part of SECEVENTs?  

Note also, an issue came up in OAuth Metadata and Connect well-known paths - Mike can probably explain. See:
https://www.ietf.org/mail-archive/web/oauth/current/msg17745.html

Section 4 - we had discussions in Singapore that a majority of attendees indicated they need a multi-profile management API.  Why does the RISC document have one? 

I understand there is some pressure for the pilot, but it would seem to me that the pilot can be done through manual administration and should not require a management API (except for error checking) at this time.

Phil

Oracle Corporation, Identity Cloud Services Architect
@independentid
www.independentid.com <http://www.independentid.com/>
phil.hunt at oracle.com <mailto:phil.hunt at oracle.com>

> On Feb 2, 2018, at 2:25 PM, Marius Scurtescu via Openid-specs-risc <openid-specs-risc at lists.openid.net> wrote:
> 
> <risc-secevent.pdf>
