What is the point of Messages §3 Serializations?
http://openid.net/specs/openid-connect-messages-1_0-16.html#Serializations
Pretty much just says things "MAY be JSON serialized" but it doesn't seem to relate to anything in particular. As far as I know or can tell, all the JSON and other serializations and encodings are pretty explicitly called out throughout Connect, JWT, and JOSE.
This section seems kind of lost, out of place, unnecessary and not tied to anything else in the spec suite. No?
Comments (5)
-
-
- changed milestone to Implementer's Draft
-
assigned issue to
-
As I thought, it is referenced from Standard.
4.2. UserInfo Response The sub (subject) Claim in the UserInfo Endpoint response MUST exactly match the sub Claim in the ID Token, before using additional UserInfo Endpoint Claims. Upon receipt of the UserInfo request, the UserInfo Endpoint MUST return the JSON Serialization of the UserInfo response as in OpenID Messages 1.0 [OpenID.Messages] in the HTTP response body
Standard defines two other serializations. I suppose either JSON serialization is to be moved to Standard, or other serialization should be moved from Standard to Messages.
Considering the fact that there could be other bindings than HTTP in the future, unifying the serialization in Messages may make sense.
-
reporter I believe that section from Standard actually refers to 2.5 in Messages http://openid.net/specs/openid-connect-messages-1_0.html#StandardClaims in
-
- changed status to resolved
Fixed
#821- Moved definition of JSON Serialization to where it's used.→ <<cset 23740efa39bf>>
- Log in to comment
We will add the clarification in 2.9 about how to serialize the request object. If the serializations section in Messages isn't used, we should delete it. Mike will cross-check.