[Openid-specs-ab] Lite Draft 8
John Bradley
ve7jtb at ve7jtb.com
Tue Aug 16 23:44:23 UTC 2011
Perhaps just not calling it out as opaque. We don't say that about the user-info access token, because it is assumed in OAuth.
I am leaning towards describing it as the access token for the Check Session endpoint.
I asked in another email if id_token is perhaps a bad name? Perhaps session?
John B.
On 2011-08-16, at 7:32 PM, Johnny Bufu wrote:
> To me it means that a lite client doesn't have to understand its contents, parse or extract data from it. Just store, compare or pass it along as required by the protocol.
>
> I still think that the term "opaque" should be targeted at one or more parties that handle the token, not at a document.
>
> Johnny
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110816/00e55fb1/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4767 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110816/00e55fb1/attachment.p7s>
More information about the Openid-specs-ab
mailing list