[Openid-specs-ab] Proposed interop feature list

Mike Jones Michael.Jones at microsoft.com
Fri Feb 3 17:00:51 UTC 2012


It is allowed because these are OAuth Bearer calls, but you're right that the query parameter method is deprecated for security reasons, and so it's not a best practice.  I'll delete use of the query parameter method from the list of interop features, though, because we don't want to encourage its use.

Are there any other features that you'd like to see added to the list for interop testing?  I know you've been doing testing, so I suspect you have some more that I hadn't gotten down at this point.

				Thanks again,
				-- Mike

-----Original Message-----
From: Roland Hedberg [mailto:roland.hedberg at adm.umu.se] 
Sent: Thursday, February 02, 2012 11:52 PM
To: Mike Jones
Subject: Re: [Openid-specs-ab] Proposed interop feature list

Hi again,

By the way, I didn't know that the query-parameter method was allowed for CheckID and Userinfo endpoints.
I doesn't look like that reading the documents.

-- Roland



More information about the Openid-specs-ab mailing list