<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">The text does not say that ID Token is
a part of the request. <br>
It is talking about the expected result / aim. <br>
<br>
(2013/11/05 11:34), Mike Jones wrote:<br>
</div>
<blockquote
cite="mid:4E1F6AAD24975D4BA5B168042967394377E3C987@TK5EX14MBXC288.redmond.corp.microsoft.com"
type="cite">
<meta http-equiv="Context-Type" content="text/html;
charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered
medium)">
<div class="WordSection1">
<p class="MsoNormal"><span>The ID Token part is not part of the
Authentication Request. It’s contained in a response which
is either an Authorization Response or Token Response,
depending upon the flow used. Therefore, I didn’t say
anything about the ID Token in the Authentication Request
definition.</span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal"><span>We’re now talking about the ID Token
in lots of introductory text, so I don’t think not saying
anything about it in this definition a problem.</span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal"><span>
-- Mike</span></p>
<p class="MsoNormal"><span> </span></p>
<p class="MsoNormal"><b><span>From:</span></b><span> Nat
Sakimura [<a class="moz-txt-link-freetext" href="mailto:sakimura@gmail.com">mailto:sakimura@gmail.com</a>]
<br>
<b>Sent:</b> Tuesday, November 05, 2013 1:36 AM<br>
<b>To:</b> Mike Jones<br>
<b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a><br>
<b>Subject:</b> Re: [Openid-specs-ab] Issue #898: New Core -
1.2 Terminology - Authentication Request, Authorization
Request (openid/connect)</span></p>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal">What about:</p>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"><span>**Authentication Request**<br>
Authorization Request used to obtain the result of
authentication performed by the server as ID Token
through the use of OpenID Connect extension parameters
and profiled scopes</span></p>
</div>
<div>
<p class="MsoNormal"> </p>
</div>
<div>
<p class="MsoNormal"><span>What is important about it is
that the authentication is performed at the server and
the result is transferred from the server to the client
through ID Token. </span></p>
</div>
</div>
<div>
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal">2013/11/5 Mike Jones <<a
moz-do-not-send="true"
href="mailto:Michael.Jones@microsoft.com"
target="_blank">Michael.Jones@microsoft.com</a>></p>
<p class="MsoNormal">I'm fine with adding the "Authorization
Request" definition. As for the Authentication Request
definition, I have some quibbles with Nat's proposed
language, because I find it to be less clear and somewhat
circular. Saying "to obtain the Authentication Result"
doesn't add anything, and in fact, would just cause us to
have to define "Authentication Result" as well.<br>
<br>
How about something closer to this?<br>
<br>
**Authentication Request**<br>
An OAuth 2.0 Authorization Request using extension
parameters and scopes defined by OpenID Connect to request
that the End-User be authenticated by the Authorization
Server, which is an OpenID Connect Provider.<br>
<span><br>
<span class="hoenzb"> --
Mike</span></span></p>
<div>
<div>
<p class="MsoNormal"><br>
-----Original Message-----<br>
From: <a moz-do-not-send="true"
href="mailto:openid-specs-ab-bounces@lists.openid.net">openid-specs-ab-bounces@lists.openid.net</a>
[mailto:<a moz-do-not-send="true"
href="mailto:openid-specs-ab-bounces@lists.openid.net">openid-specs-ab-bounces@lists.openid.net</a>]
On Behalf Of Nat Sakimura<br>
Sent: Monday, November 04, 2013 11:13 PM<br>
To: <a moz-do-not-send="true"
href="mailto:openid-specs-ab@lists.openid.net">openid-specs-ab@lists.openid.net</a><br>
Subject: [Openid-specs-ab] Issue #898: New Core - 1.2
Terminology - Authentication Request, Authorization
Request (openid/connect)<br>
<br>
New issue 898: New Core - 1.2 Terminology -
Authentication Request, Authorization Request
<a moz-do-not-send="true"
href="https://bitbucket.org/openid/connect/issue/898/new-core-12-terminology-authentication"
target="_blank">
https://bitbucket.org/openid/connect/issue/898/new-core-12-terminology-authentication</a><br>
<br>
Nat Sakimura:<br>
<br>
Capturing Breno's request on Nov. 4 that says: "I
think we should have an explicit entry to
Authorization Request that says: "An OAuth2
Authorization Request as defined in RFC 6749"<br>
And then "Authentication Request" --> With a
language more similar to the one proposed by Nat in
this thread."<br>
<br>
**Currently**:<br>
<br>
**Authentication Request**<br>
An OAuth 2.0 Authorization Request that requests that
the End-User be authenticated by the Authorization
Server.<br>
<br>
**Proposed**:<br>
<br>
**Authentication Request**<br>
Authorization Request used to obtain the
Authentication Result through the use of OpenID
Connect extension parameters and profiled scopes<br>
<br>
**Authorization Request**<br>
OAuth 2 authorization request as defined in RFC 6749<br>
<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a moz-do-not-send="true"
href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a><br>
<a moz-do-not-send="true"
href="http://lists.openid.net/mailman/listinfo/openid-specs-ab"
target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a moz-do-not-send="true"
href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a><br>
<a moz-do-not-send="true"
href="http://lists.openid.net/mailman/listinfo/openid-specs-ab"
target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a></p>
</div>
</div>
</div>
<p class="MsoNormal"><br>
<br>
</p>
<div>
<p class="MsoNormal"> </p>
</div>
<p class="MsoNormal">-- <br>
Nat Sakimura (=nat)</p>
<div>
<p class="MsoNormal">Chairman, OpenID Foundation<br>
<a moz-do-not-send="true" href="http://nat.sakimura.org/"
target="_blank">http://nat.sakimura.org/</a><br>
@_nat_en</p>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Openid-specs-ab mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs-ab">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a>
</pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Nat Sakimura (<a class="moz-txt-link-abbreviated" href="mailto:n-sakimura@nri.co.jp">n-sakimura@nri.co.jp</a>)
Nomura Research Institute, Ltd.
<a class="moz-txt-link-freetext" href="Tel:+81-3-6274-1412">Tel:+81-3-6274-1412</a> Fax:+81-3-6274-1547
本メールに含まれる情報は機密情報であり、宛先に記載されている方のみに送信することを意図しております。意図された受取人以外の方によるこれらの情報の開示、複製、再配布や転送など一切の利用が禁止されています。誤って本メールを受信された場合は、申し訳ござӓ
6;|
14;せんが、送信者までお知らせいただき、受信されたメールを削除していただきますようお願い致します。
PLEASE READ:
The information contained in this e-mail is confidential and intended for the named recipient(s) only.
If you are not an intended recipient of this e-mail, you are hereby notified that any review, dissemination, distribution or duplication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately and delete your copy from your system.
</pre>
</body>
</html>