[Openid-specs-ab] Spec call notes 08-Aug-11
Johnny Bufu
jbufu at janrain.com
Wed Aug 10 18:08:24 UTC 2011
On 11-08-10 11:01 AM, Breno de Medeiros wrote:
> On Wed, Aug 10, 2011 at 11:00, Johnny Bufu<jbufu at janrain.com> wrote:
>>
>> On 11-08-10 10:55 AM, Breno de Medeiros wrote:
>>>
>>> On Wed, Aug 10, 2011 at 10:51, Johnny Bufu<jbufu at janrain.com> wrote:
>>>>
>>>> Why are two tokens needed (access_token and id_token)? I don't see in the
>>>> spec any reason that would prevent the use of just one token with both
>>>> introspection and userinfo endpoints.
>>>
>>> id_token is a transparent token that enables static validation and
>>> therefore avoids the RPCs altogether.
>>
>> Both the Lite and Messages specs define it as opaque, not transparent.
>
> The Lite spec doesn't deal with advanced optimizations. The Messages
> spec should have specified this.

The definition and usage of the ID token and introspection endpoint
appear in both documents, with nearly identical texts.

Are the advanced optimizations that you mention totally missing from the
Messages spec?

Johnny