Nat, You don't have to convince me.
You have to sell all the people not implementing OpenId who think OAuth is sufficient. I agree A4C is currently too long. I think Mike and John may be on to something even better. Phil > On Jul 24, 2014, at 11:50, Nat Sakimura <sakim...@gmail.com> wrote: > > > 2014-07-24 10:30 GMT-04:00 Phil Hunt <phil.h...@oracle.com>: >> I’m not at all saying that OpenID is bad. If you want an IDP, its fine. But >> if all a client wants is authentication, they think why can’t I just use >> RFC6749? > > If all what one wants is to build a simple client, there is a standing > document called OpenID Connect Basic Client Implementer's Guide 1.0. > > It is a profile that deals only the 'code' flow. > Size-wise, it is 32 pages. The break down are as below approximately: > > Abstract, Intro, ToC - 2.5 pages > Terminology - 1.5 pages > Getting ID Token - 9 pages > ID Token Validation - 1 page (Seems missing from a4c draft?) > Userinfo Endpoint - 7 pages > Serializations - 1 page (missing in a4c?) > String Operations etc. - 1 pages (missing in a4c?) > Considerations - 2 pages (very brief in a4c) > References, Acknowledgement - 2 pages > Document History etc. - 7 pages > > The a4c draft is 14 pages long. It will be longer than this in the end as it > is missing bunch of things. > The comparable portion of the Basic Client Profile is 14 pages or so. > > Just one data point. > > -- > Nat Sakimura (=nat) > Chairman, OpenID Foundation > http://nat.sakimura.org/ > @_nat_en
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth