[Openid-specs-ab] Connect Question: Variable "signed" in the response
Nat Sakimura
sakimura at gmail.com
Wed Jan 5 10:40:39 UTC 2011
Hi.
The current openidconnect.com page has a variable "signed" in the response.
It is a new variable which is not present in the current OAuth draft.
The "signed" includes access_token and user_id among other things. It
probably should be a JWT.
Should we continue to use "signed" or other variable name?
The reason why I am asking this are:
1. It looks a lot like a structured "code" or "access_token". Perhaps should
we call it "access_token" (or "code") instead?
2. If we are to introduce a new variable, "signed" seem to be a little too
generic. Is there a better name for it? (Perhaps "openid"?)
--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
http://twitter.com/_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110105/5a3b03ec/attachment.html>
More information about the Openid-specs-ab
mailing list