[Openid-specs-ab] Spec call notes 08-Aug-11
Johnny Bufu
jbufu at janrain.com
Wed Aug 10 17:51:57 UTC 2011
Why are two tokens needed (access_token and id_token)? I don't see in
the spec any reason that would prevent the use of just one token with
both introspection and userinfo endpoints.
Johnny
On 11-08-08 05:15 PM, Edmund Jay wrote:
>
> Spec call notes 08-Aug-11
>
> Pam Dingle
> John Bradley
> Nat Sakimura
> Johnny Bufu
> George Fletcher
> Edmund Jay
>
>
>
> John made some changes to the OpenID Lite spec
> * changed the Introspection endpoint from GET request to POST request
> due to the fact the
> the ID Token may be intercepted by referral URLs/Logs, and other methods.
> Breno said in chat with Nat that GET and JSONP may be needed
> John to contact Breno offline for further discussions
> * made other non-controversial changes from feedback
>
> John will work on first draft of OpenID 2.0 compatibility/migration
> spec. Maybe available tomorrow.
>
> Edmund will post first draft of OpendID Connect Messages spec to the
> mailing list.
>
>
> Discussion of JWT and long header names:
> * most preferred longer names
> * most feel that it's too late to make major changes to spec
> * longer or shorter names can be implemented by defining long constant
> values by developers vice versa
> * perhaps better documentation in specs for short names
>
> Pam has written a OpenID Connect landing page which will be posted to
> the list for feedback
>
> WG to setup new support mailing list not encumbered by IPR agreements
> for general and support questions and feedback.
>
>
>
>
>
> <http://openid.net/specs/openid-connect-framework-1_0.html>
>
>
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
More information about the Openid-specs-ab
mailing list