[Openid-specs-ab] LoginId hint

Breno de Medeiros breno at google.com
Fri Aug 31 00:39:17 UTC 2012


+1
On Aug 30, 2012 4:54 PM, "Nat Sakimura" <sakimura at gmail.com> wrote:

> I think we had similar discussion before and the result then was to
> signify that it is a hint through the parameter name. I support login_hint.
>
> =nat via iPhone
>
> On Aug 31, 2012, at 7:50 AM, Pam Dingle <pdingle at pingidentity.com> wrote:
>
> I am worried that the name of "login_id" might be misinterpreted to be
> authoritative rather than tentative.
>
> Could we change the parameter name to strongly indicate that this is just
> a suggestion rather than an instruction?  Something like suggested_user or
> login_hint or chosen_id?
>
> Cheers,
>
> Pamela
>
> On Thu, Aug 30, 2012 at 11:01 AM, Breno de Medeiros <breno at google.com> wrote:
>
>>
>>
>>
>> On Thu, Aug 30, 2012 at 11:00 AM, Richer, Justin P. <jricher at mitre.org> wrote:
>>
>>>  As far as the spec is concerned, that's up to the IdP. A "Smart" IdP
>>> might prompt the user with something like:
>>>
>>>  "You are logging in to site X who thinks you're Bob, but you're logged
>>> in as Alice. Click here to log in as Bob instead."
>>>
>>
>> Well, it might be useful to give RPs some expectations. For instance, RPs
>> should be expecting the case where they supply a login_id but receive a
>> session authenticated to a different user.
>>
>>
>>>
>>>   -- Justin
>>>
>>>  On Aug 30, 2012, at 1:52 PM, Breno de Medeiros wrote:
>>>
>>> Consider the case where partners share a computer, or a user has a
>>> personal account and a professional account with the same IDP. If the
>>> currently logged-in user is different from the suggested user via login_id,
>>> what are the expectations?
>>>
>>>
>>> On Thu, Aug 30, 2012 at 7:55 AM, Justin Richer <jricher at mitre.org> wrote:
>>>
>>>>  Ryo,
>>>>
>>>> We talked about this on the call this morning. Right now, we're saying
>>>> that it's RECOMMENDED that they have the same value, but it's not required.
>>>> Since there are currently two discovery setups (SWD and Webfinger/XRD) that
>>>> use different parameter names, it might be a moot point to try and match
>>>> those.
>>>>
>>>>  -- Justin
>>>>
>>>>
>>>> On 08/30/2012 01:28 AM, Ryo Ito wrote:
>>>>
>>>> Do the principal parameter in the discovery request and the login_id
>>>> parameter have the same value?
>>>> If yes, unifying the parameter name or reference will help
>>>> developers.
>>>>
>>>>  Thanks,
>>>> Ryo
>>>>
>>>> 2012/8/30 George Fletcher <gffletch at aol.com>
>>>>
>>>>> How about adding the following to section 2.1.2 of Messages... after
>>>>> the id_token parameter
>>>>>
>>>>> login_id
>>>>>     OPTIONAL. A hint to the authorization service as to the login_id
>>>>> the user may use to authenticate (if necessary). This hint can be used by
>>>>> an RP if it first asks the user for their email address (or other
>>>>> identifier) and then wants to pass that value as a hint to the discovered
>>>>> authorization service.
>>>>>
>>>>> Thanks,
>>>>> George
>>>>>
>>>>>   On 8/29/12 2:00 PM, Nat Sakimura wrote:
>>>>>
>>>>> Hey, now I am getting the support!
>>>>>
>>>>>  Could one of you provide the actual text proposal for it?
>>>>>
>>>>> =nat via iPhone
>>>>>
>>>>> On Aug 30, 2012, at 1:40 AM, Chuck Mortimore <
>>>>> cmortimore at salesforce.com> wrote:
>>>>>
>>>>>   +1
>>>>>
>>>>> - cmort
>>>>>
>>>>> On Aug 29, 2012, at 9:26 AM, "Pam Dingle" <pdingle at pingidentity.com>
>>>>> wrote:
>>>>>
>>>>>  +1 from me too - need this for account chooser, among other things.
>>>>>
>>>>> On Wed, Aug 29, 2012 at 8:39 AM, Richer, Justin P. <jricher at mitre.org> wrote:
>>>>>
>>>>>> +1, I've asked for this feature too.
>>>>>>
>>>>>>   -- Justin
>>>>>>
>>>>>>   On Aug 29, 2012, at 11:27 AM, George Fletcher wrote:
>>>>>>
>>>>>>    Hi,
>>>>>>
>>>>>> We've run into a case where it would be nice to be able to pass into
>>>>>> the /authorize endpoint a value to pre-fill the loginid field on the
>>>>>> authentication UI. We allow for an id_token to be passed as a hint of the
>>>>>> desired user, but this only works for an "already authenticated" use case.
>>>>>>
>>>>>> If we consider the Account Chooser case where what is stored is the
>>>>>> user's email address, it would be nice to be able to start the identity
>>>>>> federation flow passing that email address along to the IdP.
>>>>>>
>>>>>> Did I just miss support for this in the specs?
>>>>>>
>>>>>> Thanks,
>>>>>> George
>>>>>>
>>>>>> --
>>>>>> Chief Architect                   AIM:  gffletch
>>>>>> Identity Services Engineering     Work: george.fletcher at teamaol.com
>>>>>> AOL Inc.                          Home: gffletch at aol.com
>>>>>> Mobile: +1-703-462-3494           Blog: http://practicalid.blogspot.com
>>>>>> Office: +1-703-265-2544           Twitter: http://twitter.com/gffletch
>>>>>>
>>>>>>   _______________________________________________
>>>>>> Openid-specs-ab mailing list
>>>>>> Openid-specs-ab at lists.openid.net
>>>>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>>>
>>>>>
>>>>>  --
>>>>> *Pamela Dingle*  |  Sr. Technical Architect
>>>>> *Ping**Identity*  |   www.pingidentity.com
>>>>> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>>>> - - - - -
>>>>> *O:* 303-999-5890   *M:* 303-999-5890
>>>>> *Email:* pdingle at pingidentity.com
>>>>> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>>>> - - - - -
>>>>>   *Connect with Ping*
>>>>> Twitter: @pingidentity
>>>>> LinkedIn Group: Ping's Identity Cloud
>>>>> Facebook.com/pingidentitypage
>>>>>  *Connect with me*
>>>>> Twitter: @pamelarosiedee
>>>>>
>>>>
>>>>
>>>>  --
>>>> ====================
>>>> Ryo Ito
>>>> Email : ritou.06 at gmail.com
>>>> ====================
>>>>
>>>>
>>>
>>>
>>>  --
>>> --Breno
>>>
>>>
>>>
>>
>>
>> --
>> --Breno
>>
>>
>
>
>
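
An added example, not part of the thread or of any participant's code: an RP-side sketch in Python of the expectation raised above, where the RP sends the hint but keys the local session on the authenticated `iss`/`sub` from the ID token and only records whether the hint matched. The endpoint, client values and function names are hypothetical, `login_hint` is the parameter name favoured in the thread, and the ID token claims are assumed to have been validated already.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlencode


def build_authorize_url(endpoint: str, client_id: str, redirect_uri: str,
                        state: str, nonce: str,
                        login_hint: Optional[str] = None) -> str:
    """Build the authorization request; the hint is optional and advisory."""
    params = {
        "response_type": "code",
        "scope": "openid email",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "nonce": nonce,
    }
    if login_hint:
        params["login_hint"] = login_hint  # a suggestion to the IdP, nothing more
    return endpoint + "?" + urlencode(params)


@dataclass
class LoginResult:
    account_key: tuple   # (iss, sub) from the ID token: the only identity the RP trusts
    hint_honoured: bool  # False when the IdP authenticated a different user


def resolve_login(hint: Optional[str], claims: dict) -> LoginResult:
    """Pick the local account after the IdP responds.

    Assumption: `claims` come from an ID token whose signature, iss, aud and
    nonce were already validated elsewhere.
    """
    key = (claims["iss"], claims["sub"])
    # Only a verified email is comparable with an email-style hint.
    email = claims.get("email", "") if claims.get("email_verified") else ""
    honoured = bool(hint) and email.casefold() == hint.casefold()
    return LoginResult(account_key=key, hint_honoured=honoured)


# Constructed sample: the RP hinted Bob, but Alice's IdP session answered.
HINT = "bob@example.com"
URL = build_authorize_url("https://idp.example/authorize", "rp-client",
                          "https://rp.example/cb", "st-123", "n-456", HINT)
ALICE = {"iss": "https://idp.example", "sub": "alice-001",
         "email": "alice@example.com", "email_verified": True}
RESULT = resolve_login(HINT, ALICE)
```

When `hint_honoured` is false the RP still opens the session for `account_key`, never for the hinted address, and can tell the user which account is active.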