Hi Barry,
here is a new attempt to get the OAuth assertion drafts finalized. The authors
have updated the drafts during the last year (after they returned from the IESG
back to the working group). My shepherd write-ups can be found here:
The shepherd write-ups can be found
here:https://git
Phil
@independentid
www.independentid.com
phil.h...@oracle.com
On 2014-02-05, at 6:08 PM, Mike Jones wrote:
> Thanks for your comments, Phil. I'm working on addressing them at present.
>
> One comment confuses me. You wrote "Section 4.1 - It would be good to have
> an example with a softwa
My thought was the original statement shouldn't be returned because the server
would return the "processed" information. IOW reflecting what it took from the
certificate vs. from the registration request.
If you just echo back the certificate you aren't necessarily reflecting the
final state o
I think it would be echoing back the software statement that was processed as
part of the request for consistency. Replying with a different software
statement is going to be too confusing.
The entirety of the reply represents the configured state for the client.
John B.
On Feb 6, 2014, a
I would agree with Phil, the server makes right in this case, specific
statement may be sent but the processed statement is returned which may be
different
-Original Message-
From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of John Bradley
Sent: Thursday, February 6, 2014 10:39 AM
T
Phil
@independentid
www.independentid.com
phil.h...@oracle.com
On 2014-02-06, at 10:38 AM, John Bradley wrote:
> I think it would be echoing back the software statement that was processed
> as part of the request for consistency.
FWIW -- I don't really think anything should be returned o
I'd actually already noticed that the term "software assertion" was present in
some of the text that I inherited and replaced it with "software statement". :-)
-Original Message-
From: Phil Hunt [mailto:phil.h...@oracle.com]
Sent: Thursday, February 06, 2014 10:28 AM
To: Mike Jones
Cc: E
Telling the client the state of it's configuration is useful to the client if
the server "makes right".
I think Tony is arguing for the server putting the entire response into the
software statement element in the response. Where at the moment the spec
provides those elements at the top level
I just spoke to Tony about this in person and to Phil about it on the phone.
We're all good with having the server return the actual values used in the
registration (which is what the spec already does).
-- Mike
-Original Message-
From: John Bradley [mai
OK
On Feb 6, 2014, at 4:17 PM, Mike Jones wrote:
> I just spoke to Tony about this in person and to Phil about it on the phone.
> We're all good with having the server return the actual values used in the
> registration (which is what the spec already does).
>
>
Yes. Mike and I did agree on this.
To confirm I have understood it,I thought I would send this so that we have a
record of why we went with returning the statement (cause I know I'll forget in
the future) :-)
I was concerned that returning the software statement (which was an input
value) d
Yes
-Original Message-
From: Phil Hunt [mailto:phil.h...@oracle.com]
Sent: Thursday, February 06, 2014 11:55 AM
To: Mike Jones
Cc: John Bradley; oauth@ietf.org list
Subject: Re: [OAUTH-WG] Dynamic Registration Plan: Your Feedback Needed!
Yes. Mike and I did agree on this.
To confirm
Yes that is what I confirmed with Mike.
On Feb 6, 2014, at 4:54 PM, Phil Hunt wrote:
> Yes. Mike and I did agree on this.
>
> To confirm I have understood it,I thought I would send this so that we have a
> record of why we went with returning the statement (cause I know I'll forget
> in
13 matches
Mail list logo
