2014-07-24 10:30 GMT-04:00 Phil Hunt <phil.h...@oracle.com>: > I’m not at all saying that OpenID is bad. If you want an IDP, its fine. > But if all a client wants is authentication, they think why can’t I just > use RFC6749?
If all what one wants is to build a simple client, there is a standing document called OpenID Connect Basic Client Implementer's Guide 1.0. It is a profile that deals only the 'code' flow. Size-wise, it is 32 pages. The break down are as below approximately: Abstract, Intro, ToC - 2.5 pages Terminology - 1.5 pages Getting ID Token - 9 pages ID Token Validation - 1 page (Seems missing from a4c draft?) Userinfo Endpoint - 7 pages Serializations - 1 page (missing in a4c?) String Operations etc. - 1 pages (missing in a4c?) Considerations - 2 pages (very brief in a4c) References, Acknowledgement - 2 pages Document History etc. - 7 pages The a4c draft is 14 pages long. It will be longer than this in the end as it is missing bunch of things. The comparable portion of the Basic Client Profile is 14 pages or so. Just one data point. -- Nat Sakimura (=nat) Chairman, OpenID Foundation http://nat.sakimura.org/ @_nat_en
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
