[Openid-specs-ab] Simplifying preferred_locales and max_age

Mike Jones Michael.Jones at microsoft.com
Fri Feb 1 18:15:54 UTC 2013


Currently "preferred_locales" and "max_age" are specified as occurring under the "userinfo" and "id_token" elements of the request object.  I would propose moving them up to being top-level elements of the request object, and possibly also allowing them to be used directly as request parameters.  My reasoning is that it makes no practical sense to use different locales for UserInfo claim values versus ID Token claim values.  Likewise, while "max_age" does apply logically to the ID Token, it would cause no confusion to have it apply to the whole request and it could be useful to allow specifying "max_age" as a query parameter.

One consequence of allowing "preferred_locales" to also be specified as a query parameter is that its syntax would change from a JSON array to a space-separated list of strings.

If we did this change, it would both simplify the parsing for the MTI Fallback Position described in my previous message (one would just ignore "userinfo" and "id_token" rather than ignoring the "claims" members of "userinfo" and "id_token") and would enable more important functionality to be used without using the request object, which I think would make many developers happy.

Thoughts?

                                                            -- Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130201/f5ac1414/attachment.html>


More information about the Openid-specs-ab mailing list