[Openid-specs-ab] Spec call notes 27-Sep-12

Axel.Nennker at telekom.de Axel.Nennker at telekom.de
Sat Sep 29 17:15:48 UTC 2012

I started to integrate this in a mobile wallet implementation but need an RP that uses the openid-scheme

Does somebody on this list operate such an RP?



Diagram from Nat's presentation:

[cid:image003.png at 01CD9E76.D53BAD80]

-----Original Message-----
From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Roland Hedberg
Sent: Saturday, September 29, 2012 6:32 PM
To: openid-specs-ab at lists.openid.net Group
Subject: Re: [Openid-specs-ab] Spec call notes 27-Sep-12

27 sep 2012 kl. 11:31 skrev Roland Hedberg <roland.hedberg at adm.umu.se>:


> 27 sep 2012 kl. 17:15 skrev Mike Jones <Michael.Jones at microsoft.com>:


>>               Mike would like to see a mobile phone application being tested

>>                              Nat will try to find someone to work on this

>>                              Roland said that you have to catch and handle the redirect

>>                              Roland said that you have to manage cookies as well

>>                                             There may be different cookies between the OP and RP versus the OP and the browser

>>                                             Nat and George said that it would be better to not use cookies in this case and just use the ID Token


> Just to be clear this is not a choice the mobile phone app makes, it's a decision made by the OP implementor.

Oh, and by the way the problem with a client in a non-web application environment is not the handling of redirects and/or cookies.

It is the authentication of the user.

The same problem applies to SAML ECP where the present solution seems to be HTTP basic auth with the users uid/password or personal certificate.

-- Roland


Roland Hedberg

IT Architect/Senior Researcher

ICT Services and System Development (ITS)

Umeå University

SE-901 87 Umeå, Sweden

Phone +46 90 786 68 44

Mobile +46 70 696 68 44



Openid-specs-ab mailing list

Openid-specs-ab at lists.openid.net

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120929/afee2459/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 99874 bytes
Desc: image003.png
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120929/afee2459/attachment-0001.png>

More information about the Openid-specs-ab mailing list