[Openid-specs-ab] Connect Question: Variable "signed" in the response
Nat Sakimura
sakimura at gmail.com
Fri Jan 7 07:50:03 UTC 2011
In fact, the difference between code and access_token seems to be as
follows:
code:
applicable endpoint: One Predefined Endpoint Only (token endpoint)
cardinality of the use: Only Once.
access_token:
applicable endpoint: Potentially Many Endpoints
cardinality of the use: Many.
So, "code" in fact is a restricted form of access_token.
=nat
On Thu, Jan 6, 2011 at 4:55 PM, hideki nara <hdknr at ic-tact.co.jp> wrote:
> access_token is enough.
> If the other token format than JWT can be allowed, we need some way
> to negotiate.
>
> "code" looks like an artifact. But if tokens are forced to be in
> self-describing forms, "code" seems to be ok.
> ---
> hdknr
>
> 2011/1/6 Breno de Medeiros <breno at google.com>:
> > +1
> > Everything about the response content should be signed. It just makes
> things
> > simpler to process.
> >
> > On Wed, Jan 5, 2011 at 02:40, Nat Sakimura <sakimura at gmail.com> wrote:
> >>
> >> Hi.
> >> The current openidconnect.com page has a variable "signed" in the
> >> response.
> >> It is a new variable which is not present in the current OAuth draft.
> >> The "signed" includes access_token and user_id among other things. It
> >> probably should be a JWT.
> >> Should we continue to use "signed" or other variable name?
> >> The reason why I am asking this are:
> >> 1. It looks a lot like a structured "code" or "access_token". Perhaps
> >> should we call it "access_token" (or "code") instead?
> >> 2. If we are to introduce a new variable, "signed" seem to be a little
> too
> >> generic. Is there a better name for it? (Perhaps "openid"?)
> >>
> >> --
> >> Nat Sakimura (=nat)
> >> http://www.sakimura.org/en/
> >> http://twitter.com/_nat_en
> >>
> >> _______________________________________________
> >> Openid-specs-ab mailing list
> >> Openid-specs-ab at lists.openid.net
> >> http://lists.openid.net/mailman/listinfo/openid-specs-ab
> >>
> >
> >
> >
> > --
> > --Breno
> >
> > _______________________________________________
> > Openid-specs-ab mailing list
> > Openid-specs-ab at lists.openid.net
> > http://lists.openid.net/mailman/listinfo/openid-specs-ab
> >
> >
>
--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
http://twitter.com/_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110107/148a201f/attachment.html>
More information about the Openid-specs-ab
mailing list