[Openid-specs-ab] A few queries about OpenID Connect
glenn at welcomer.me
Wed Jul 23 04:55:07 UTC 2014
Hopefully this is the right place to ask this, was directed here by Thomas.
I have a couple of queries that weren't clear to me after reading through
the specs and I was wondering if someone here might be able to help me out.
* Can a single OpenID Provider (OP) manage separate contexts (eg. different
unrelated/loosely related websites)?
- This would imply to me yes: "OpenID Connect supports multiple Issuers
per Host and Port combination." ?
* Is it possible to externalise the userinfo endpoint from the OP core?
- This is probably an implementation detail more than a spec thing, but I
assume some of you would be familiar with the MITREid implementation.
* The spec makes reference to a 'Claim Provider', but doesn't really detail
what is required to be one. Is it possible/how would one go about
implementing a 3rd party claim provider, and how would you authorise to it
(would it have to be an RP, or is it possible to implement arbitrary auth
methods that it requires; eg to turn a non OpenID connect API into a Claim
* If a single OP has 2 unique identities (on separate issuers) for user A,
(A1 & A2), is there a way to make an aggregated claim with details from
both, and how/where would you obtain/store the authorisations to do so? (or
would it be a better concept to implement a separate scope for each
'separate endpoint' (eg. 2 businesses running on the same OP))
Hopefully those questions make sense (they're a little bit of a brain dump)
Thanks so much!
- Glenn / devalias