On 6/12/2014 12:49 PM, Prateek Mishra wrote:
The OpenID Connect 2.0 COre specification alone is 86 pages. It has received review from maybe a dozen engineers within the OpenID community.
The OpenID Connect spec is 86 pages because it pretty much rehashes the OAuth2 spec walking through each flow and how Open ID Connect expands on that flow. A4c looks like a subset of this work minus some additional claims and, IMO, is incomplete compared to OIDC.
FWIW, add 5 Red Hat engineers to the "dozen" of reviewers. We originally were creating our own oauth2 extension using JWT, but found that any feature we wanted to define already existed in OpenID Connect. These guys have done great work. Aren't many of you here authors of this spec and/or the same companies?!? I think your energies are better focused on lobbying OIDC to join the IETF and this WG.
-- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
