[Openid-specs-ab] [openid/connect] Messages 2 - undefined roles for OpenID Provider and Relying Party (issue #565)

jbufu issues-reply at bitbucket.org
Tue Apr 3 14:40:07 UTC 2012

New issue 565: Messages 2 - undefined roles for OpenID Provider and Relying Party

jbufu on Tue, 3 Apr 2012 16:40:07 +0200:

The Terminology section defines OpenID Providers and Relying Parties; however, their roles are not defined throughout the definitions in section 2 Messages (nor in the protocol overview section).

Definitions in section 2 are written in terms of OAuth2 players (Client/Authorization Server/etc.), and the specification does not define any relationship between RPs and OAuth2 Clients, and between OPs and OAuth Servers. 

Given that a "Message" is defined in the Terminology section as a request or response between an RP and an OP, the specification does not define, in effect, any Messages per this definition.

The specification should make it clear if and when (always?) an RP takes the role of an OAuth2 Client, and an OP the role of an OAuth2 Authorization Server. Currently (draft 8) the reader is left to guess when and how these mappings apply.

