[Openid-specs-native-apps] Minutes - April 16

Paul Madsen paul.madsen at gmail.com
Tue Apr 22 09:27:45 UTC 2014


Attending - Paul, John, Nat

Discussion

We reviewed the recent consent model thread

Consent models can be characterized by

1) where consent is collected - AS1 or AS2 (or TA?)
2) when consent is collected - initial authz or subsequent (for up-scoping)

Agreed that consent should be collected at the AS appropriate to a given
RS, i.e. no federated consent

If consent is collected at AS2, the first AS1 can deliver the user's 
browser to the AS2 authz endpoint in an 'authenticated state'

The above mechanism would also enable SSO into web apps

Discussion of, once consent collected by AS2, best mechanism to deliver 
access token to TA

1) AS2 returns code, to be exchanged for AT
2) AS2 returns nothing, TA uses id_token obtained from AS1 to get AT 
from AS2

John will update spec to reflect

1) consent model
2) using id_token in JWT Assertion profile

Discussion about a NAPPS F2F at IIW

paul
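
The second delivery option and the JWT Assertion item in the minutes above, sketched from AS2's side as an added example (not part of the original message or of the NAPPS spec). It assumes the id_token names AS2 in `aud` and uses HS256 with a shared demo key in place of AS1's real signing key; `AS1`, `AS2`, `CONSENTED` and the sample subject are hypothetical.

```python
import base64, hashlib, hmac, json, secrets

JWT_BEARER = "urn:ietf:params:oauth:grant-type:jwt-bearer"
AS1 = "https://as1.example"        # hypothetical issuer identifier of AS1
AS2 = "https://as2.example/token"  # hypothetical AS2 token endpoint, expected in aud
AS1_KEY = b"constructed-demo-key"  # assumption: HS256 stand-in for AS1's signing key
CONSENTED = {"alice"}              # hypothetical record of consent collected at AS2

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64u(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_id_token(claims, key=AS1_KEY):
    """AS1 side: build a compact JWS (constructed sample id_token)."""
    head = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64u(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64u(sig)}"

def as2_token_endpoint(form, now):
    """AS2 side: accept the id_token as a JWT bearer assertion, or refuse."""
    if form.get("grant_type") != JWT_BEARER:
        return {"error": "unsupported_grant_type"}
    try:
        head, body, sig = form.get("assertion", "").split(".")
        header, claims = json.loads(unb64u(head)), json.loads(unb64u(body))
        given = unb64u(sig)
    except ValueError:  # wrong part count, bad base64, bad JSON
        return {"error": "invalid_grant"}
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        return {"error": "invalid_grant"}
    expected = hmac.new(AS1_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    ok = (header.get("alg") == "HS256"  # pin the algorithm; do not let the token pick it
          and hmac.compare_digest(given, expected)
          and claims.get("iss") == AS1  # only AS1 may vouch for the user
          and AS2 in aud                # token must be meant for this AS
          and isinstance(claims.get("exp"), int) and claims["exp"] > now
          and isinstance(claims.get("sub"), str)
          and claims["sub"] in CONSENTED)  # consent already collected at AS2
    if not ok:
        return {"error": "invalid_grant"}
    return {"access_token": secrets.token_urlsafe(16),
            "token_type": "Bearer", "expires_in": 300}
```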
