[Openid-specs-ab] Updates to the UserInfo Endpoint spec

Nat Sakimura sakimura at gmail.com
Tue Jul 5 18:51:36 UTC 2011


Yes! And I am going to bed for a couple of hours of sleep today

=nat

On Wed, Jul 6, 2011 at 3:45 AM, Mike Jones <Michael.Jones at microsoft.com> wrote:

> John has promised us updated discovery and dynamic client registration
> specs by the 3:00 Pacific call today, so no worries. :)
>
> *From:* openid-specs-ab-bounces at lists.openid.net [mailto:
> openid-specs-ab-bounces at lists.openid.net] *On Behalf Of *George Fletcher
> *Sent:* Tuesday, July 05, 2011 11:20 AM
> *To:* Justin Richer
> *Cc:* openid-specs-ab at lists.openid.net
> *Subject:* Re: [Openid-specs-ab] Updates to the UserInfo Endpoint spec
>
> I'm fine not requiring a fixed path... however, with no convention,
> discovery becomes that much more critical. I don't see discovery being
> introduced for OAuth2 any time soon... which means we are stuck with coding
> config tables of provider and endpoints. Not my favorite solution:)
>
> Thanks,
> George
>
> On 7/5/11 9:10 AM, Justin Richer wrote:
>
> +1 for showing an example endpoint but not requiring a specific path, if
> for no other reason than that not everybody can control their directory root.
> Frameworks of all kinds have base routing that they add to things (like
> Elgg's /pg/ prefix), and just like OAuth2 I'd want this to work in such
> an environment. It's not just existing frameworks, though: I've even
> tried to get a normal XRD endpoint on our server, and it's mired in all
> kinds of red tape around who gets to put things on the root www server.
>
>  -- Justin
>
> On Sun, 2011-07-03 at 10:44 -0400, Nat Sakimura wrote:
>
> +1
>
> On Sun, Jul 3, 2011 at 11:52 AM, Mike Jones
> <Michael.Jones at microsoft.com> wrote:
>
>         OAuth doesn’t define any fixed paths.  I don’t think we should
>         either, other than the discovery root(s).
>
>         -- Mike
>
>         From: openid-specs-ab-bounces at lists.openid.net
>         [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of
>         Nat Sakimura
>         Sent: Friday, July 01, 2011 11:06 PM
>         To: George Fletcher
>         Cc: openid-specs-ab at lists.openid.net
>         Subject: Re: [Openid-specs-ab] Updates to the UserInfo
>         Endpoint spec
>
>         Does OAuth 2 define the fixed path? I was thinking /authorize
>         was just an example...
>
>         =nat
>
>         On Sat, Jul 2, 2011 at 9:21 AM, George Fletcher
>         <gffletch at aol.com> wrote:
>
>         Hi John,
>
>         I'm fine with the discovery spec defining the endpoints.. I
>         was thinking specifically of something like /userinfo, like
>         the OAuth2 spec defines /authorize and /token path portions of
>         the endpoint. Do we want that part variable on an
>         implementation by implementation basis?
>
>         Thanks,
>         George
>
>         On 7/1/11 6:39 PM, John Bradley wrote:
>
>         I think it is better to leave the path to the IdP.   The
>         discovery document for the IdP will list the endpoint URL.
>
>         I would not assume that the host is necessarily the same as
>         the token or other endpoints.
>
>         John B.
>
>         On 2011-07-01, at 6:28 PM, George Fletcher wrote:
>
>         Hi,
>
>         I updated the text regarding the UserInfo request to say that
>         it is an OAuth2 protected resource supporting the Bearer Token
>         spec. I also changed the SHOULD to a MUST in the response text
>         requiring the JSON object to comply with the specified schema
>         if the schema parameter requests "openid". Also did some clean
>         ups in the referenced specs information.
>
>         One thing I just noticed is that we don't specify the path of
>         the UserInfo endpoint. Do we want to do so?
>
>         Thanks,
>         George
>
>         <openid-connect-userinfo-1_0.html>
>         _______________________________________________
>         Openid-specs-ab mailing list
>         Openid-specs-ab at lists.openid.net
>         http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>         --
>         Chief Architect                   AIM:  gffletch
>         Identity Services Engineering     Work: george.fletcher at teamaol.com
>         AOL Inc.                          Home: gffletch at aol.com
>         Mobile: +1-703-462-3494           Blog: http://practicalid.blogspot.com
>         Office: +1-703-265-2544           Twitter: http://twitter.com/gffletch
>
>         --
>         Nat Sakimura (=nat)
>         http://www.sakimura.org/en/
>         http://twitter.com/_nat_en
>


-- 
Nat Sakimura (=nat)
http://www.sakimura.org/en/
http://twitter.com/_nat_en
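
An added example, not code from the list participants or the OpenID specs, of the approach John Bradley describes in the quoted thread: the client takes the UserInfo endpoint from the IdP's discovery document instead of a fixed path and does not assume it shares a host with the token endpoint. The `token_endpoint` and `userinfo_endpoint` keys follow the later OpenID Connect Discovery 1.0 metadata, which is an assumption relative to this 2011 thread; the hosts, paths and token are constructed.

```python
import json
from urllib.parse import urlsplit
from urllib.request import Request

# Constructed discovery document for a hypothetical IdP: UserInfo sits on a
# different host and under a framework prefix, as the thread anticipates.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://idp.example.com",
    "token_endpoint": "https://idp.example.com/pg/oauth/token",
    "userinfo_endpoint": "https://profiles.example.net/pg/connect/userinfo",
})


class DiscoveryError(ValueError):
    """Raised when discovery metadata is unsafe to use with a bearer token."""


def resolve_userinfo_endpoint(discovery_json, allowed_hosts=None):
    """Return the UserInfo URL from discovery metadata after sanity checks."""
    meta = json.loads(discovery_json)
    url = meta.get("userinfo_endpoint") if isinstance(meta, dict) else None
    if not isinstance(url, str):
        raise DiscoveryError("discovery document lists no userinfo_endpoint")
    parts = urlsplit(url)
    # A bearer token is a credential: only ever send it over TLS.
    if parts.scheme != "https" or not parts.hostname:
        raise DiscoveryError("userinfo_endpoint must be an absolute https URL")
    if parts.username or parts.password or parts.fragment:
        raise DiscoveryError("userinfo_endpoint has credentials or a fragment")
    # The host may differ from the token endpoint, so a same-host check would
    # be wrong; an explicit allowlist is the optional deployment policy here.
    if allowed_hosts is not None and parts.hostname.lower() not in allowed_hosts:
        raise DiscoveryError("unexpected UserInfo host: " + parts.hostname)
    return url


def build_userinfo_request(url, access_token):
    """Build (not send) a GET carrying the token in the Authorization header."""
    return Request(url, headers={"Authorization": "Bearer " + access_token})


if __name__ == "__main__":
    endpoint = resolve_userinfo_endpoint(
        SAMPLE_DISCOVERY, {"profiles.example.net"})
    req = build_userinfo_request(endpoint, "constructed-token-123")
    print(req.full_url, req.get_header("Authorization"))
```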