[Openid-specs-ab] Submission: Native SSO for Mobile Apps (txt and xml)

Nat Sakimura sakimura at gmail.com
Sat Mar 9 15:43:25 UTC 2019


A little bit off topic, but I finally uploaded the file as
https://bitbucket.org/openid/connect/src/default/draft-oidf-connect-nativesso.xml
so that you guys can start filing issues and firing up
pull requests.

Cheers,

Nat

On Sat, Mar 9, 2019 at 11:58 PM Torsten Lodderstedt via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:

> Hi George,
>
> I read your proposal and I (believe I) understand that the device secret
> is introduced as kind of a device identifier (+ some additional data)
> grouping tokens issued to different apps residing on the same device.
>
> A question popped up: Why do you use an id token and the token exchange to
> obtain fresh access tokens? Wouldn't it be sufficient to share the refresh
> token among those apps? Even if the refresh token is rotated, the legit
> apps are supposed to share some state on the device, so any of those apps
> could use the currently valid refresh token to perform the flow (again).
>
> best regards,
> Torsten.
>
>
> > On 08.01.2019 at 00:22, George Fletcher via Openid-specs-ab <
> openid-specs-ab at lists.openid.net> wrote:
> >
> > Per the working group call today, bumping to the top of the list.
> >
> >
> > -------- Forwarded Message --------
> > Date:         Fri, 22 Jun 2018 13:30:08 -0400
> > Subject:      [Openid-specs-ab] Submission: Native SSO for Mobile Apps
> (txt and xml)
> > From:         George Fletcher via Openid-specs-ab <
> openid-specs-ab at lists.openid.net>
> >
> >
> >
> > Per the notes from Thursday's OpenID Connect working group call, here
> are text and xml formatted versions of the Native SSO for Mobile apps spec.
> >
> > Please note, the core text is here but this is nowhere near final. Note
> that the text for additions for dynamic client registration and other IANA
> registrations are text from the "front channel logout" spec. I left the
> sections there as they will likely be needed.
> >
> > The purpose here is to get the core text in the proper format.
> >
> > Thanks,
> > George
> >
> >
> >
> > --
> > Identity Standards Architect
> > Verizon Media                     Work: george.fletcher at oath.com
> > Mobile: +1-703-462-3494           Twitter: http://twitter.com/gffletch
> > Office: +1-703-265-2544           Photos:
> http://georgefletcher.photography
> >
> >
> > _______________________________________________
> > Openid-specs-ab mailing list
> > Openid-specs-ab at lists.openid.net
> > http://lists.openid.net/mailman/listinfo/openid-specs-ab
>


-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en