[Openid-specs-ab] Simplifying preferred_locales and max_age

Justin Richer jricher at mitre.org
Fri Feb 1 18:21:34 UTC 2013

While I'm hesitant to add more specialized parameters to the auth 
endpoint, I can see the logic here. Thus, at first instinct, I could 
take it or leave it.

  -- Justin

On 02/01/2013 01:15 PM, Mike Jones wrote:
> Currently "preferred_locales" and "max_age" are specified as occurring 
> under the "userinfo" and "id_token" elements of the request object.  I 
> would propose moving them up to being top-level elements of the 
> request object, and possibly also allowing them to be used directly as 
> request parameters.  My reasoning is that it makes no practical sense 
> to use different locales for UserInfo claim values versus ID Token 
> claim values.  Likewise, while "max_age" does apply logically to the 
> ID Token, it would cause no confusion to have it apply to the whole 
> request and it could be useful to allow specifying "max_age" as a 
> query parameter.
> One consequence of allowing "preferred_locales" to also be specified 
> as a query parameter is that its syntax would change from a JSON array 
> to a space-separated list of strings.
> If we did this change, it would both simplify the parsing for the MTI 
> Fallback Position described in my previous message (one would just 
> ignore "userinfo" and "id_token" rather than ignoring the "claims" 
> members of "userinfo" and "id_token") and would enable more important 
> functionality to be used without using the request object, which I 
> think would make many developers happy.
> Thoughts?
> -- Mike
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130201/37bea9d0/attachment.html>

More information about the Openid-specs-ab mailing list