[Openid-specs-igov] Assurance Profile for OAuth or OIDC

Phil Hunt phil.hunt at oracle.com
Thu Oct 5 18:34:50 UTC 2017


so…the intent is just to talk about OAuth correct?  That’s why I couldn’t recommend a change. 

Phil

Oracle Corporation, Identity Cloud Services Architect
@independentid
www.independentid.com <http://www.independentid.com/>phil.hunt at oracle.com <mailto:phil.hunt at oracle.com>
> On Oct 5, 2017, at 11:30 AM, Justin Richer <jricher at mit.edu> wrote:
> 
> The examples were pulled from a document that was originally focused on OIDC and run against an OIDC server. The scope of the document should not change — it’s an OAuth2 profile — but the examples can probably be cleaned up to be more specific. Feel free to submit edits to do just that!
> 
>  — Justin
> 
>> On Oct 4, 2017, at 6:27 PM, Phil Hunt via Openid-specs-igov <openid-specs-igov at lists.openid.net <mailto:openid-specs-igov at lists.openid.net>> wrote:
>> 
>> For the draft openid-igov-oauth2, I am finding it confusing because the examples are all OIDC based rather than OAuth2 as per the document title.  
>> 
>> For example, Section 2.1.1 talks about using the “state" parameter and then uses an OIDC example without a state parameter but with “nonce" instead.
>> 
>> Is the intent to cover OIDC and plain OAuth or both?  Or should the draft be entitled Profile for OIDC?
>> 
>> Perhaps some more explanatory text and/or examples for both types should be included?
>> 
>> Regards,
>> 
>> Phil
>> 
>> Oracle Corporation, Identity Cloud Services Architect
>> @independentid
>> www.independentid.com <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.independentid.com_&d=DwMFaQ&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=JBm5biRrKugCH0FkITSeGJxPEivzjWwlNKe4C_lLIGk&m=7M_NFWQgxbxmVkrRVPyPoqBayEvLaD3DwILv6NvrM4w&s=bPXSA0w766m_XqRuw0LPZ0pWw6JXGBmEHiJSNtKHcs4&e=>phil.hunt at oracle.com <mailto:phil.hunt at oracle.com>
>> _______________________________________________
>> Openid-specs-igov mailing list
>> Openid-specs-igov at lists.openid.net <mailto:Openid-specs-igov at lists.openid.net>
>> http://lists.openid.net/mailman/listinfo/openid-specs-igov
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-igov/attachments/20171005/6330819c/attachment.html>


More information about the Openid-specs-igov mailing list