Native application SSO Working Group

Nat Sakimura sakimura at gmail.com
Tue Jul 2 14:53:14 UTC 2013


I actually do see some utility in the access token in the format of ID
Token.
It can give appropriate audience restriction etc.


2013/7/2 Paul Madsen <paulmadsen at rogers.com>

>  Hi Torsten, the current model is that the Authorization Agent (AZA) may
> itself obtain an id_token and use it to obtain an access token, but that
> only access tokens would be 'handed over' by the AZA to its constituent
> native apps.
>
> Are you proposing that there may be value in allowing the AZA to also hand
> over id_tokens (suitably targeted) as well?
>
> paul
>
>  On 7/1/13 1:38 PM, Torsten Lodderstedt wrote:
>
> Hi John,
>
> I interpreted the text of the charter the other way around, so a client
> would be able to use an(y) id_token (as a credential) to obtain an access
> token. I'm fine if the mechanism is intended to support id_token issuance.
>
> regards,
> Torsten.
>
>  On 01.07.2013 15:06, John Bradley wrote:
>
> Hi Torsten,
>
>  In point 3 the charter talks about using id_tokens to get access tokens.
>
>  So it is imagined that the mechanism would issue id_tokens likely along
> the lines that Google is doing for the play store by having a 3rd party as
> an audience and using "azp" to indicate the client the token was issued to.
>   We don't want to be too specific on the solution in the charter.
>
>  If you think something needs to be added let me know.
>
>  John B.
>
>   On 2013-07-01, at 2:17 AM, Torsten Lodderstedt <torsten at lodderstedt.net>
> wrote:
>
> Hi,
>
> it would be great to have such a mechanism across platforms!
>
> I'm wondering whether the mechanism should issue id tokens as well. Right
> now it seems to focus on access tokens.
>
> Regards,
> Torsten.
>
>
>
> John Bradley <ve7jtb at ve7jtb.com> wrote:
>>
>> The enclosed Work Group Charter is being sent to the Specs Council for review in anticipation of chartering the Group.
>>
>> It is best to have this activity under the foundation IPR as soon as possible.
>>
>> Regards
>> John B.
>>
>> ------------------------------
>>
>> specs mailing list
>> specs at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs


-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
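
An added example, not part of the thread or of any OpenID Foundation text: how a receiving party could check the audience restriction and "azp" targeting discussed above before accepting a token. The HS256 shared key, the issuer URL and the client and audience names are constructed assumptions; a real deployment would verify the provider's asymmetric signature instead.

```python
import base64, hashlib, hmac, json, time

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims: dict, key: bytes) -> str:
    """Build a constructed HS256 JWT (stand-in for a provider-signed id_token)."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

def check_token(token, key, my_audience, allowed_azp, issuer, now=None):
    """Return the claims if the token targets us and was issued to a known client."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(_b64url_decode(head))
        claims = json.loads(_b64url_decode(body))
        given = _b64url_decode(sig)
    except (ValueError, TypeError):
        raise ValueError("malformed token")
    if not (isinstance(header, dict) and isinstance(claims, dict)):
        raise ValueError("malformed token")
    if header.get("alg") != "HS256":          # pin the algorithm, never trust the header
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        raise ValueError("bad signature")
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")                    # "aud" may be a string or a list
    if my_audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not targeted at this audience")
    if claims.get("azp") not in allowed_azp:   # client the token was issued to
        raise ValueError("token issued to an unexpected client (azp)")
    if (now if now is not None else time.time()) >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims

# Constructed sample values (assumptions, not from the thread)
KEY = b"constructed-demo-key"
ISS = "https://idp.example"
```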