[Openid-specs-ab] Agenda addition for today's call
Michael.Jones at microsoft.com
Wed Jun 22 23:04:49 UTC 2011
This is good enough as-is that I'm going to check it into SVN and put it on openid.net/specs after a few editorial changes to make it more like the other docs.
Speak now if any of you want me to hold off for any reason...
From: John Bradley [mailto:ve7jtb at ve7jtb.com]
Sent: Monday, June 20, 2011 2:52 PM
To: Mike Jones
Cc: Nat Sakimura; openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] Agenda addition for today's call
Dynamic client registration and secret rotation.
Thinking about it, it makes more sense to have the IdP configuration information as part of registration.
One flow could be having an RP go to a web page and do a manual registration, then plug in their client_id, client_secret, return_to, and IdP client registration endpoint into their software and have it do a refresh to get the other parameters.
I suspect that the Client Registration endpoint will need to also be the issuer_id. Without introducing a post-authentication discovery step we need to map the signature on the session token back to a shared secret (or public key). If we allow the other endpoints to be on other domains potentially, that leaves the registration one as the likely choice.
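An added illustration (not part of the original thread or of any OpenID specification text) of the mapping the message above describes: the RP looks up the shared secret by issuer_id, taken here to be the registration endpoint URL, so no discovery step is needed after authentication. The HS256 JWS-style token layout, the `iss` and `aud` claim names, and all URLs, client IDs and secrets are assumptions constructed for the example.

```python
import base64, hashlib, hmac, json

# Constructed RP-side store: registration endpoint URL (doubling as issuer_id)
# -> the credentials obtained when registering at that IdP.
REGISTRATIONS = {
    "https://idp-a.example/register": {"client_id": "rp-at-a", "client_secret": b"constructed-secret-a"},
    "https://idp-b.example/register": {"client_id": "rp-at-b", "client_secret": b"constructed-secret-b"},
}

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(secret, signing_input):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def sign_token(claims, secret):
    """IdP side (hypothetical): issue an HS256 token over header.payload."""
    signing_input = _b64(json.dumps({"alg": "HS256"}).encode()) + "." + _b64(json.dumps(claims).encode())
    return signing_input + "." + _b64(_mac(secret, signing_input))

def verify_token(token, registrations=REGISTRATIONS):
    """RP side: return the claims, or raise ValueError."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_unb64(head)), json.loads(_unb64(body))
        signature = _unb64(sig)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        raise ValueError("malformed token")
    if header.get("alg") != "HS256":  # never let the token choose the algorithm
        raise ValueError("unexpected algorithm")
    # The iss claim is untrusted at this point: it only selects which stored
    # secret to check against, and the MAC below decides whether it is genuine.
    issuer = claims.get("iss")
    reg = registrations.get(issuer) if isinstance(issuer, str) else None
    if reg is None:
        raise ValueError("unknown issuer")
    if not hmac.compare_digest(_mac(reg["client_secret"], head + "." + body), signature):
        raise ValueError("signature does not match the issuer's secret")
    if claims.get("aud") != reg["client_id"]:
        raise ValueError("token issued to a different client")
    return claims
```

A token that names one registered issuer but is signed with another issuer's secret is rejected, which is the property that binding the secret to the issuer_id provides.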