Re: [OAUTH-WG] Question regarding draft-hunt-oauth-v2-user-a4c

Fri, 13 Jun 2014 09:55:34 -0700 

Mike -  when i see language like

[quote]
This list augments the set of features that are already listed elsewhere as being "REQUIRED" or are described with a "MUST", and so is not, by itself, a comprehensive set of implementation requirements for OPs. 
[\quote]
in Section 15.1, I have to say this isn't a clear definition of what is MTI.
I guess someone could through comprehensive research determine exactly what might be meant by this section, but that doesn't meet the criteria of "very clear definition of MTI". 

- prateek

- prateek
Actually, there is a very clear definition of what the minimal Mandatory To Implement (MTI) in OpenID Connect is - it's right in the spec. See the (quite short) sections:
*15.1.* <http://openid.net/specs/openid-connect-core-1_0.html#ServerMTI> Mandatory to Implement Features for All OpenID Providers *15.2.* <http://openid.net/specs/openid-connect-core-1_0.html#DynamicMTI> Mandatory to Implement Features for Dynamic OpenID Providers 

-- Mike

-----Original Message-----
From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Prateek Mishra
Sent: Friday, June 13, 2014 9:24 AM
To: Bill Burke; Phil Hunt
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Question regarding draft-hunt-oauth-v2-user-a4c
Excellent, now you have put your finger on the precise issue with OIDC - lots of optional extensions and shiny trinkets and lack of a clear definition of a core subset for servers.
I realize its exciting for consultants, software and toolkit vendors to have that sort of optionality, but in practice, its NOT A GOOD THING in a protocol. 

[quote]

>

>> It is a bit like saying an 18 wheeler is suitable for driving the

>> kids to school. :-)

>

> I don't think this is true.  Most oidc oauth extensions are optional

> with the sole requirement that providers don't barf if you send them.

>

[\quote]

_______________________________________________

OAuth mailing list

OAuth@ietf.org <mailto:OAuth@ietf.org>

https://www.ietf.org/mailman/listinfo/oauth




_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to