solid-oidc
The repository for the Solid OIDC authentication specification.
In #sotd: Add content to this section.
* Language should be tightened up, e.g., "Check to be sure that" - who/what?
* "Now" and "we" are used a lot. Consider paraphrasing.
* Remove/Paraphrase fluff "The thing we...
In #security-client-trust: Unclear how to use this information as a security consideration. Perhaps elaborate. Alternatively, reuse some of this information in #concepts or somewhere else early on.
In #security-client-secrets: >Client secrets SHOULD NOT be stored in browser local storage. Perhaps "browser or application"? Clarify what's intended with "local" - specific to localStorage or sessionStorage or using it...
In #security-client-ids: >An AS SHOULD assign a fixed set of low trust policies to any client identified as anonymous. Elaborate a bit more on "anonymous".
In #oidc-issuer-discovery-link-headers: Mention why/how this may be useful, e.g., when resource is not publicly readable (401/403)?
Consider the following:
* including a complete example of HTTP requests/responses that's relevant for all conforming roles that are required by this specification or link to the example (e.g., in...
s/utilizing/using Add more detail on what the implementer wants to achieve, i.e., to enable who and to do what. Consider changing last paragraphs starting "The OAuth 2.0 [RFC6749]" to explain...
Either re-open https://github.com/solid/solid-oidc/issues/23 because conventions may differ or change, or mention somewhere up front in a section, or in the example description e.g., syntax that's used.
Give **significant** things an identifier and provide a description in RDF.