[Openid-specs-ab] Spec call notes 08-Aug-11
Breno de Medeiros
breno at google.com
Wed Aug 10 18:01:45 UTC 2011
On Wed, Aug 10, 2011 at 11:00, Johnny Bufu <jbufu at janrain.com> wrote:
>
> On 11-08-10 10:55 AM, Breno de Medeiros wrote:
>>
>> On Wed, Aug 10, 2011 at 10:51, Johnny Bufu<jbufu at janrain.com> wrote:
>>>
>>> Why are two tokens needed (access_token and id_token)? I don't see in the
>>> spec any reason that would prevent the use of just one token with both
>>> introspection and userinfo endpoints.
>>
>> id_token is a transparent token that enables static validation and
>> therefore avoids the RPCs altogether.
>
> Both the Lite and Messages specs define it as opaque, not transparent.
The Lite spec doesn't deal with advanced optimizations. The Messages
spec should have specified this.
>
> Johnny
>
--
--Breno
More information about the Openid-specs-ab
mailing list