Provide them with an updated spec and javadoc that I think
should address at least some of their concerns.
Explain the decision we made to not implement OpenID Connect
or OAuth2 based on the limited time we had to complete the JSR,
and our view that JSR-375 is nonetheless useful on its own
merits, and as a foundation on which things like OpenID Connect
can be implemented.
Request more information about their concerns.
They've said they'll respond with more information; hopefully we
can address their concerns.
Will
On 07/10/2017 09:27 PM, David Blevins
wrote:
Let me add I fully
understand someone largely inactive popping up a the finish line
and asking a massive scope creep question is frustrating. I am
understandably patient and really just curious on our thoughts.
--
Will Hopkins | WebLogic Security Architect | +1.781.442.0310
Oracle Application Development
35 Network Drive, Burlington, MA 01803