I wrote directly to their EC member, Trish Gee, right after the ballot concluded. I gave her a copy of the PFD spec, which I hoped would address some of their concerns, explained why we had chosen not to do OpenID Connect/OAuth2, and asked for a more detailed breakdown of their concerns.
She did respond, and said the concerns had been raised by an internal working group, and that she'd forward the updated spec to them and follow up to make sure we got more detailed feedback. I haven't heard anything further from them, but I just now pinged her to see if there was any further feedback.
There's not much we can do about the fact that we didn't to OIDC/OAuth2, but I'm optimistic that the recent updates will address most of their other concerns.
On 07/23/2017 06:18 AM, Arjan Tijms wrote:
-- Will Hopkins | WebLogic Security Architect | +1.781.442.0310 Oracle Application Development 35 Network Drive, Burlington, MA 01803