[Openid-specs-ab] Connect Question: Variable "signed" in the response
Breno de Medeiros
breno at google.com
Wed Jan 5 18:15:37 UTC 2011
+1
Everything about the response content should be signed. It just makes things
simpler to process.
On Wed, Jan 5, 2011 at 02:40, Nat Sakimura <sakimura at gmail.com> wrote:
> Hi.
>
> The current openidconnect.com page has a variable "signed" in the
> response.
> It is a new variable which is not present in the current OAuth draft.
> The "signed" includes access_token and user_id among other things. It
> probably should be a JWT.
>
> Should we continue to use "signed" or other variable name?
>
> The reason why I am asking this are:
>
> 1. It looks a lot like a structured "code" or "access_token". Perhaps
> should we call it "access_token" (or "code") instead?
> 2. If we are to introduce a new variable, "signed" seem to be a little too
> generic. Is there a better name for it? (Perhaps "openid"?)
>
>
> --
> Nat Sakimura (=nat)
> http://www.sakimura.org/en/
> http://twitter.com/_nat_en
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
--
--Breno
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110105/00cd1714/attachment.html>
More information about the Openid-specs-ab
mailing list