[Openid-specs-ab] LoginId hint

John Bradley ve7jtb at ve7jtb.com
Fri Aug 31 17:27:36 UTC 2012


+1

On 2012-08-31, at 12:36 PM, George Fletcher <gffletch at aol.com> wrote:

> +1
> 
> On 8/30/12 8:39 PM, Breno de Medeiros wrote:
>> +1
>> 
>> On Aug 30, 2012 4:54 PM, "Nat Sakimura" <sakimura at gmail.com> wrote:
>> I think we had similar discussion before and the result then was to signify that it is a hint through the parameter name. I support login_hint. 
>> 
>> =nat via iPhone
>> 
>> On Aug 31, 2012, at 7:50 AM, Pam Dingle <pdingle at pingidentity.com> wrote:
>> 
>>> I am worried that the name of "login_id" might be misinterpreted to be authoritative rather than tentative.
>>> 
>>> Could we change the parameter name to strongly indicate that this is just a suggestion rather than an instruction?  Something like suggested_user or login_hint or chosen_id?
>>> 
>>> Cheers,
>>> 
>>> Pamela
>>> 
>>> On Thu, Aug 30, 2012 at 11:01 AM, Breno de Medeiros <breno at google.com> wrote:
>>> 
>>> 
>>> 
>>> On Thu, Aug 30, 2012 at 11:00 AM, Richer, Justin P. <jricher at mitre.org> wrote:
>>> As far as the spec is concerned, that's up to the IdP. A "Smart" IdP might prompt the user with something like:
>>> 
>>> "You are logging in to site X who thinks you're Bob, but you're logged in as Alice. Click here to log in as Bob instead."
>>> 
>>> Well, it might be useful to give RPs some expectations. For instance, RPs should be expecting the case where they supply a login_id but receive a session authenticated to a different user.
>>>  
>>> 
>>>  -- Justin
>>> 
>>> On Aug 30, 2012, at 1:52 PM, Breno de Medeiros wrote:
>>> 
>>>> Consider the case where partners share a computer, or a user has a personal account and a professional account with the same IDP. If the currently logged-in user is different from the suggested user via login_id, what are the expectations?
>>>> 
>>>> 
>>>> On Thu, Aug 30, 2012 at 7:55 AM, Justin Richer <jricher at mitre.org> wrote:
>>>> Ryo,
>>>> 
>>>> We talked about this on the call this morning. Right now, we're saying that it's RECOMMENDED that they have the same value, but it's not required. Since there are currently two discovery setups (SWD and Webfinger/XRD) that use different parameter names, it might be a moot point to try and match those.
>>>> 
>>>>  -- Justin
>>>> 
>>>> 
>>>> On 08/30/2012 01:28 AM, Ryo Ito wrote:
>>>>> Do the principal parameter at discovery request and login_id parameter have same value?
>>>>> If it is Yes, the unification of the parameter name or reference will help developers.
>>>>> 
>>>>> Thanks,
>>>>> Ryo
>>>>> 
>>>>> 2012/8/30 George Fletcher <gffletch at aol.com>
>>>>> How about adding the following to section 2.1.2 of Messages... after the id_token parameter
>>>>> 
>>>>> login_id
>>>>>     OPTIONAL. A hint to the authorization service as to the login_id the user may use to authenticate (if necessary). This hint can be used by an RP if it first asks the user for their email address (or other identifier) and then wants to pass that value as a hint to the discovered authorization service.
>>>>> 
>>>>> Thanks,
>>>>> George
>>>>> 
>>>>> On 8/29/12 2:00 PM, Nat Sakimura wrote:
>>>>>> Hey, now I am getting the support! 
>>>>>> 
>>>>>> Could one of you provide the actual text proposal for it? 
>>>>>> 
>>>>>> =nat via iPhone
>>>>>> 
>>>>>> On Aug 30, 2012, at 1:40 AM, Chuck Mortimore <cmortimore at salesforce.com> wrote:
>>>>>> 
>>>>>>> +1 
>>>>>>> 
>>>>>>> - cmort
>>>>>>> 
>>>>>>> On Aug 29, 2012, at 9:26 AM, "Pam Dingle" <pdingle at pingidentity.com> wrote:
>>>>>>> 
>>>>>>>> +1 from me too - need this for account chooser, among other things.
>>>>>>>> 
>>>>>>>> On Wed, Aug 29, 2012 at 8:39 AM, Richer, Justin P. <jricher at mitre.org> wrote:
>>>>>>>> +1, I've asked for this feature too.
>>>>>>>> 
>>>>>>>>  -- Justin
>>>>>>>> 
>>>>>>>> On Aug 29, 2012, at 11:27 AM, George Fletcher wrote:
>>>>>>>> 
>>>>>>>>> Hi,
>>>>>>>>> 
>>>>>>>>> We've run into a case where it would be nice to be able to pass into the /authorize endpoint a value to pre-fill the loginid field on the authentication UI. We allow for an id_token to be passed as a hint of the desired user, but this only works for an "already authenticated" use case.
>>>>>>>>> 
>>>>>>>>> If we consider the Account Chooser case where what is stored is the user's email address, it would be nice to be able to start the identity federation flow passing that email address along to the IdP. 
>>>>>>>>> 
>>>>>>>>> Did I just miss support for this in the specs?
>>>>>>>>> 
>>>>>>>>> Thanks,
>>>>>>>>> George
>>>>>>>>>  -- 
>>>>>>>>> Chief Architect                   AIM:  gffletch
>>>>>>>>> Identity Services Engineering     Work: george.fletcher at teamaol.com
>>>>>>>>> AOL Inc.                          Home: gffletch at aol.com
>>>>>>>>> Mobile: +1-703-462-3494           Blog: http://practicalid.blogspot.com
>>>>>>>>> Office: +1-703-265-2544           Twitter: http://twitter.com/gffletch
>>>>>>>>> _______________________________________________
>>>>>>>>> Openid-specs-ab mailing list
>>>>>>>>> Openid-specs-ab at lists.openid.net
>>>>>>>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>>>>>> 
>>>>>>>> 
>>>>>>>> _______________________________________________
>>>>>>>> Openid-specs-ab mailing list
>>>>>>>> Openid-specs-ab at lists.openid.net
>>>>>>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> 
>>>>>>>> -- 
>>>>>>>> Pamela Dingle  |  Sr. Technical Architect
>>>>>>>> PingIdentity  |   www.pingidentity.com
>>>>>>>> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>>>>>>> O: 303-999-5890   M: 303-999-5890
>>>>>>>> Email: pdingle at pingidentity.com
>>>>>>>> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>>>>>>> Connect with Ping
>>>>>>>> Twitter: @pingidentity
>>>>>>>> LinkedIn Group: Ping's Identity Cloud    
>>>>>>>> Facebook.com/pingidentitypage	
>>>>>>>> Connect with me
>>>>>>>> Twitter: @pamelarosiedee
>>>>>>>> 
>>>>>>>> _______________________________________________
>>>>>>>> Openid-specs-ab mailing list
>>>>>>>> Openid-specs-ab at lists.openid.net
>>>>>>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>>>>> _______________________________________________
>>>>>>> Openid-specs-ab mailing list
>>>>>>> Openid-specs-ab at lists.openid.net
>>>>>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>>>> 
>>>>>> 
>>>>>> _______________________________________________
>>>>>> Openid-specs-ab mailing list
>>>>>> Openid-specs-ab at lists.openid.net
>>>>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>>> 
>>>>> 
>>>>> _______________________________________________
>>>>> Openid-specs-ab mailing list
>>>>> Openid-specs-ab at lists.openid.net
>>>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> -- 
>>>>> ====================
>>>>> Ryo Ito
>>>>> Email : ritou.06 at gmail.com
>>>>> ====================
>>>>> 
>>>>> 
>>>>> _______________________________________________
>>>>> Openid-specs-ab mailing list
>>>>> Openid-specs-ab at lists.openid.net
>>>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>> 
>>>> 
>>>> _______________________________________________
>>>> Openid-specs-ab mailing list
>>>> Openid-specs-ab at lists.openid.net
>>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>> 
>>>> 
>>>> 
>>>> 
>>>> -- 
>>>> --Breno
>>>> 
>>> 
>>> 
>>> 
>>> 
>>> -- 
>>> --Breno
>>> 
>>> 
>>> _______________________________________________
>>> Openid-specs-ab mailing list
>>> Openid-specs-ab at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>> 
>>> 
>>> 
>>> 
>>> -- 
>>> Pamela Dingle  |  Sr. Technical Architect
>>> PingIdentity  |   www.pingidentity.com
>>> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>> O: 303-999-5890   M: 303-999-5890
>>> Email: pdingle at pingidentity.com
>>> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>>> Connect with Ping
>>> Twitter: @pingidentity
>>> LinkedIn Group: Ping's Identity Cloud    
>>> Facebook.com/pingidentitypage	
>>> Connect with me
>>> Twitter: @pamelarosiedee
>>> 
>>> _______________________________________________
>>> Openid-specs-ab mailing list
>>> Openid-specs-ab at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>> 
>> 
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
> 
> -- 
> Chief Architect                   AIM:  gffletch
> Identity Services Engineering     Work: george.fletcher at teamaol.com
> AOL Inc.                          Home: gffletch at aol.com
> Mobile: +1-703-462-3494           Blog: http://practicalid.blogspot.com
> Office: +1-703-265-2544           Twitter: http://twitter.com/gffletch
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120831/fe4ef95b/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4937 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120831/fe4ef95b/attachment-0001.p7s>


More information about the Openid-specs-ab mailing list