So it's a tiny bit better but not sure it has captured all of what was being
proposed to fix the original, still not there.
1. The signature on the software statement should be optional
2. The software statement should be an assertion, the assertion can be whatever
profiles exist, I understand
Regarding glossary, I can take a shot unless Mike wants to first.
Phil
@independentid
www.independentid.com
phil.h...@oracle.com
On 2014-02-03, at 6:36 PM, Justin Richer wrote:
> I still haven't done a deeply comprehensive read of the three posted drafts,
> but I'm pretty happy with what I've
I still haven't done a deeply comprehensive read of the three posted drafts,
but I'm pretty happy with what I've read so far. Implementors should note that
if you merge all three drafts together you get functionality that is compatible
with -14 (plus software statements).
Some comments inline
I am generally in agreement on the new drafts. Thanks Mike!
Here are some comments:
In the software statement section 3:
> If the authorization server determines that the claims in a software
>statement uniquely identify a piece of software, the same Client ID
>value MAY be returned for
On Jan 28, 2014, at 5:08 PM, George Fletcher
mailto:gffle...@aol.com>> wrote:
I have a situation where some "trusted" clients would like to use the ROPC
flow. However, there are a number of external circumstances that can block the
request even though the user's credentials are actually valid.
