[Openid-specs-ab] Agenda addition for today's call

Mike Jones Michael.Jones at microsoft.com
Wed Jun 22 23:04:49 UTC 2011


This is good enough as-is that I'm going to check it into SVN and put it on openid.net/specs after a few editorial changes to make it more like the other docs.

Speak now if any of you want me to hold off for any reason...

                                                                -- Mike

From: John Bradley [mailto:ve7jtb at ve7jtb.com]
Sent: Monday, June 20, 2011 2:52 PM
To: Mike Jones
Cc: Nat Sakimura; openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] Agenda addition for today's call

For discussion:

Dynamic client registration and secret rotation.

Thinking about it,  It makes more sense to have the IdP configuration information as part of registration.

One flow could be having a RP go to a web page and do a manual registration, then plug in their client_id, client_secret, return_to, and Idp client registration endpoint into their software and have it do a refresh to get the other parameters.

I suspect that the Client Registration endpoint will need to also be the issuer_id.   Without introducing a post authentication discovery step we need to map the signature on the session token back to a shared secret (or public key)  If we allow the other endpoints to be on other domains potentially, that leaves the registration one as the likely choice.

John B.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110622/ca379187/attachment.html>


More information about the Openid-specs-ab mailing list