[Openid-specs-ab] OpenID Connect Federations
Andreas Åkre Solberg
andreas.solberg at uninett.no
Fri Aug 24 11:21:37 UTC 2012
Again, I'm considering the possibility of building Identity Federations with OpenID Connect.
I sketched my idea here:
The idea is basically to define a chain of JSON documents that lists trusted providers with the combination of issuer, jwt, UI info and possibly restrictions.
I've made an attempt to get updated on the latest work on the 1.0 spec. A few comments wrt federations.
I think it is important not to rule out the possibility of implicit authorization. It is not obvious in Identity Federations to apply user consent/authorization at all.
OIC Standard 2.3.4
Another thing is the discovery protocol. OIC Discovery 3.2 says response MUST be a plain JSON. I believe there will be several use cases for signing the response as a self-signed JWT.