[Openid-specs-native-apps] Minutes - April 16
Paul Madsen
paul.madsen at gmail.com
Tue Apr 22 09:27:45 UTC 2014
Attending - Paul, John, Nat
Discussion
We reviewed the recent consent model thread
Consent models can be characterized by
1) where consent is collected - AS1 or AS2 (or TA?)
2) when consent is collected - initial authz or subsequent (for up-scoping)
Agreed that consent should be collected at the AS appropriate to a given
RS, i.e. no federated consent
If consent is collected at AS2, the first AS1 can deliver the user's
browser to the AS2 authz endpoint in an 'authenticated state'
The above mechanism would also enable SSO into web apps
Discussion of, once consent collected by AS2, best mechanism to deliver
access token to TA
1) AS2 returns code, to be exchanged for AT
2) AS2 returns nothing, TA uses id_token obtained from AS1 to get AT
from AS2
John will update spec to reflect
1) consent model
2) using id_token in JWT Assertion profile
Discussion about a NAPPS F2F at IIW
paul
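
Option 2 above, sketched as an added example (not part of the original minutes or of the NAPPS spec): the TA presents the id_token from AS1 as a JWT bearer assertion, and AS2 checks signature, issuer, audience and expiry before it would issue an AT. The hostnames, the shared HS256 key (a stand-in for AS1's real signing key) and all function names are assumptions; the grant type value is the standard JWT bearer one.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import parse_qs, urlencode

JWT_BEARER = "urn:ietf:params:oauth:grant-type:jwt-bearer"
AS1 = "https://as1.example"            # constructed: issuer of the id_token
AS2 = "https://as2.example/token"      # constructed: AS2 token endpoint
AS1_KEY = b"constructed-demo-key"      # assumption: HS256 stand-in for AS1's signing key

def b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64u_dec(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_id_token(claims):
    """AS1 side (constructed): issue a compact HS256-signed JWT."""
    msg = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode()) + "." + b64u(json.dumps(claims).encode())
    sig = hmac.new(AS1_KEY, msg.encode(), hashlib.sha256).digest()
    return msg + "." + b64u(sig)

def ta_token_request(id_token, scope):
    """TA side: form body the TA would POST to AS2's token endpoint."""
    return urlencode({"grant_type": JWT_BEARER, "assertion": id_token, "scope": scope})

def as2_check(form_body, now=None):
    """AS2 side: return (True, subject) or (False, reason)."""
    now = time.time() if now is None else now
    form = parse_qs(form_body)
    if form.get("grant_type") != [JWT_BEARER]:
        return False, "unsupported_grant_type"
    try:
        head, body, sig = form["assertion"][0].split(".")
        header, claims = dict(json.loads(b64u_dec(head))), dict(json.loads(b64u_dec(body)))
        got = b64u_dec(sig)
    except (KeyError, ValueError, TypeError):
        return False, "malformed assertion"
    if header.get("alg") != "HS256":   # pin the algorithm instead of trusting the header
        return False, "unexpected alg"
    want = hmac.new(AS1_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, got):
        return False, "bad signature"
    aud = claims.get("aud")
    if claims.get("iss") != AS1:       # only assertions minted by the trusted AS1
        return False, "untrusted issuer"
    if AS2 not in (aud if isinstance(aud, list) else [aud]):
        return False, "wrong audience" # an id_token minted only for the TA is refused
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        return False, "expired"
    return (True, claims["sub"]) if claims.get("sub") else (False, "missing sub")
```

The audience check is the part that matters for this flow: an id_token whose `aud` names only the TA is rejected, so AS1 has to name AS2 as an audience for the token to be usable there.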