+1 to Justin.
2014-07-22 9:54 GMT-04:00 Richer, Justin P. <[email protected]>: > Errors like these make it clear to me that it would make much more sense > to develop this document in the OpenID Foundation. It should be something > that directly references OpenID Connect Core for all of these terms instead > of redefining them. It's doing authentication, which is fundamentally what > OpenID Connect does on top of OAuth, and I don't see a good argument for > doing this work in this working group. > > -- Justin > > On Jul 22, 2014, at 4:30 AM, Thomas Broyer <[email protected]> wrote: > > > > > On Mon, Jul 21, 2014 at 11:52 PM, Mike Jones <[email protected]> > wrote: > >> Thanks for your review, Thomas. The “prompt=consent” definition being >> missing is an editorial error. It should be: >> >> >> >> consent >> >> The Authorization Server SHOULD prompt the End-User for consent before >> returning information to the Client. If it cannot obtain consent, it MUST >> return an error, typically consent_required. >> >> >> >> I’ll plan to add it in the next draft. >> > > It looks like the consent_required error needs to be defined too, and > you might have forgotten to also import account_selection_required from > OpenID Connect. > > >> >> >> I agree that there’s no difference between a response with multiple “amr” >> values that includes “mfa” and one that doesn’t. Unless a clear use case >> for why “mfa” is needed can be identified, we can delete it in the next >> draft. >> > > Thanks. > > How about "pwd" then? I fully understand that I should return "pwd" if > the user authenticated using a password, but what "the service if a client > secret is used" means in the definition for the "pwd" value? > > (Nota: I know you're at IETF-90, I'm ready to wait 'til you come back > ;-) ) > > -- > Thomas Broyer > /tɔ.ma.bʁwa.je/ <http://xn--nna.ma.xn--bwa-xxb.je/> > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > > > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > > -- Nat Sakimura (=nat) Chairman, OpenID Foundation http://nat.sakimura.org/ @_nat_en
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
