[Openid-specs-ab] LoginId hint

Breno de Medeiros breno at google.com
Thu Aug 30 17:52:25 UTC 2012


Consider the case where partners share a computer, or a user has a personal
account and a professional account with the same IDP. If the currently
logged-in user is different from the suggested user via login_id, what are
the expectations?


On Thu, Aug 30, 2012 at 7:55 AM, Justin Richer <jricher at mitre.org> wrote:

>  Ryo,
>
> We talked about this on the call this morning. Right now, we're saying
> that it's RECOMMENDED that they have the same value, but it's not required.
> Since there are currently two discovery setups (SWD and Webfinger/XRD) that
> use different parameter names, it might be a moot point to try and match
> those.
>
>  -- Justin
>
>
> On 08/30/2012 01:28 AM, Ryo Ito wrote:
>
> Do the principal parameter at discovery request and login_id parameter
> have same value?
> If it is Yes, the unification of the parameter name or reference will help
> developers.
>
>  Thanks,
> Ryo
>
> 2012/8/30 George Fletcher <gffletch at aol.com>
>
>>  How about adding the following to section 2.1.2 of Messages... after
>> the id_token parameter
>>
>> login_id
>>     OPTIONAL. A hint to the authorization service as to the login_id the
>> user may use to authenticate (if necessary). This hint can be used by an RP
>> if it first asks the user for their email address (or other identifier) and
>> then wants to pass that value as a hint to the discovered authorization
>> service.
>>
>> Thanks,
>> George
>>
>>   On 8/29/12 2:00 PM, Nat Sakimura wrote:
>>
>> Hey, now I am getting the support!
>>
>>  Could one of you provide the actual text proposal for it?
>>
>> =nat via iPhone
>>
>> On Aug 30, 2012, at 1:40 AM, Chuck Mortimore <cmortimore at salesforce.com>
>> wrote:
>>
>>   +1
>>
>> - cmort
>>
>> On Aug 29, 2012, at 9:26 AM, "Pam Dingle" <pdingle at pingidentity.com>
>> wrote:
>>
>>  +1 from me too - need this for account chooser, among other things.
>>
>> On Wed, Aug 29, 2012 at 8:39 AM, Richer, Justin P. <jricher at mitre.org>wrote:
>>
>>>  +1, I've asked for this feature too.
>>>
>>>   -- Justin
>>>
>>>   On Aug 29, 2012, at 11:27 AM, George Fletcher wrote:
>>>
>>>    Hi,
>>>
>>> We've run into a case where it would be nice to be able to pass into the
>>> /authorize endpoint a value to pre-fill the loginid field on the
>>> authentication UI. We allow for an id_token to be passed as a hint of the
>>> desired user, but this only works for an "already authenticated" use case.
>>>
>>> If we consider the Account Chooser case where what is stored is the
>>> user's email address, it would be nice to be able to start the identity
>>> federation flow passing that email address along to the IdP.
>>>
>>> Did I just miss support for this in the specs?
>>>
>>> Thanks,
>>> George
>>>
>>> --
>>> Chief Architect                   AIM:  gffletch
>>> Identity Services Engineering     Work: george.fletcher at teamaol.com
>>> AOL Inc.                          Home: gffletch at aol.com
>>> Mobile: +1-703-462-3494           Blog: http://practicalid.blogspot.com
>>> Office: +1-703-265-2544           Twitter: http://twitter.com/gffletch
>>>
>>>   _______________________________________________
>>> Openid-specs-ab mailing list
>>> Openid-specs-ab at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>
>>>
>>>
>>> _______________________________________________
>>> Openid-specs-ab mailing list
>>> Openid-specs-ab at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>
>>>
>>
>>
>>  --
>> *Pamela Dingle*  |  Sr. Technical Architect
>> *Ping**Identity*  |   www.pingidentity.com
>> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>> - - -
>> *O:* 303-999-5890   *M:* 303-999-5890
>> *Email:* pdingle at pingidentity.com
>> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>> - - -
>>   *Connect with Ping*
>> Twitter: @pingidentity
>> LinkedIn Group: Ping's Identity Cloud
>> Facebook.com/pingidentitypage
>>   *Connect with me*
>> Twitter: @pamelarosiedee
>>
>>   _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>
>>   _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>
>>
>>
>> _______________________________________________
>> Openid-specs-ab mailing listOpenid-specs-ab at lists.openid.nethttp://lists.openid.net/mailman/listinfo/openid-specs-ab
>>
>>
>>
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>
>>
>
>
>  --
> ====================
> Ryo Ito
> Email : ritou.06 at gmail.com
> ====================
>
>
> _______________________________________________
> Openid-specs-ab mailing listOpenid-specs-ab at lists.openid.nethttp://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>


-- 
--Breno
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120830/22df9179/attachment-0001.html>


More information about the Openid-specs-ab mailing list