On 6/12/2014 4:18 PM, Phil Hunt wrote:
Phil
On Jun 12, 2014, at 12:50, Bill Burke <bbu...@redhat.com> wrote:
On 6/12/2014 12:49 PM, Prateek Mishra wrote:
The OpenID Connect 2.0 COre specification alone is 86 pages. It has
received review from maybe a dozen engineers within the OpenID community.
The OpenID Connect spec is 86 pages because it pretty much rehashes the OAuth2
spec walking through each flow and how Open ID Connect expands on that flow.
A4c looks like a subset of this work minus some additional claims and, IMO, is
incomplete compared to OIDC.
In what regards?
Much of oidc is out of scope for this requirement.
What is in a4c that isn't already in OIDC?
It is a bit like saying an 18 wheeler is suitable for driving the kids to
school. :-)
I don't think this is true. Most oidc oauth extensions are optional
with the sole requirement that providers don't barf if you send them.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
