[Openid-specs-ab] [board-private] OpenID Connect Launch Commencement
Nat Sakimura
sakimura at gmail.com
Mon Jul 18 08:16:19 UTC 2011
So =ritou / @ritou / Ryo Ito has implemented a sample OpenID Connect RP for
the Google.
http://www8322u.sakura.ne.jp/oidconnect/
Thanks Ryo!
=nat via iPhone
On 2011/07/17, at 16:24, Eric Sachs <esachs at google.com> wrote:
Short answer is this is the most we could get working and documented before
tomorrow :-)
But as I mentioned, we don't plan to formally "launch" this feature set
because there are still many things to do, including the items you noted.
On Sun, Jul 17, 2011 at 11:47 AM, David Recordon <recordond at gmail.com>wrote:
> Hey Eric, a few questions.
>
> On http://oauthssodemo.appspot.com/step/1 it seems like the scopes are
> custom Google URLs for userinfo.email and userinfo.profile. Shouldn't
> we have a common set of scopes for the core profile data given how
> much of an issue it's been so far with providers all offerring
> different amounts of data? Also thought that "openid" was one of the
> required scopes?
>
> Shouldn't the backend request of
> http://oauthssodemo.appspot.com/step/2 be over SSL? Right now it looks
> like the user's browser is sending the access token down to the server
> in the clear. Or this is the code and token flow being discussed on
> the OAuth list where the browser passes a code down to the server in
> the clear versus the access token since the code requires the app
> secret in order for it to be turned into an access token.
>
> Why is a backend request to the server required to validate the access
> token and determine who the user is in step 3? Step 4 is then a second
> backend request to the userinfo API. Given the example code I'm
> effectively making three requests from when the JS gets the token to
> when I have enough data to log the user in. :-\
>
> Thanks,
> --David
>
>
> On Sun, Jul 17, 2011 at 8:58 AM, Eric Sachs <esachs at google.com> wrote:
> >>> Contacting friendly developers to begin implementations and feedback
> >>> based upon their implementation work
> > Google's OpenIDConnect endpoint is now live in production, and we have a
> > sample RP that shows the code required to use it at:
> >
> > http://oauthssodemo.appspot.com/step/1
> >
> > We have sent the config details for our endpoint to a few
> developers/vendors
> > to let them start integrating with it, though we are not trying to
> formally
> > announce it's availability at this time.
> > We will show it at the workshops Google is running Monday & Tuesday
> > afternoon. The presenters at the Tuesday OIDF summit can use it as well
> if
> > it helps.
> >
> > On Thu, Jul 7, 2011 at 11:11 PM, Mike Jones <Michael.Jones at microsoft.com
> >
> > wrote:
> >>
> >> At this point we are ready to begin the OpenID Connect launch. Don,
> >> should we have a planning call among the launch owners in the next few
> days
> >> to plan the rollout steps?
> >>
> >>
> >>
> >> Steps we’re already taking:
> >>
> >> · Contacting friendly developers to begin implementations and
> >> feedback based upon their implementation work
> >>
> >> · Write a one-page overview of the OpenID Connect specs. (Pamela
> >> Dingle has volunteered to write this by tomorrow/Friday.)
> >>
> >> Steps we should take soon:
> >>
> >> · Add links to Connect specs from
> >> http://openid.net/developers/specs/. (Mike to investigate.)
> >>
> >> · Update content on openidconnect.com to refer to the actual
> OpenID
> >> Connect specs, archiving the previous proposal. (John Bradley already
> owns
> >> this.)
> >>
> >> · Send a note like the one below to specs at openid.net and
> >> board at openid.net and posted on OpenID blog announcing this milestone.
> >> (Allen, do you want to be the one to do this? I assume we should wait
> for
> >> the overview document to be posted before doing this?)
> >>
> >>
> >>
> >> Any other thoughts or suggestions?
> >>
> >>
> >>
> >> -- Mike
> >>
> >>
> >>
> >> From: Mike Jones
> >> Sent: Thursday, July 07, 2011 2:12 PM
> >> To: openid-specs-ab at lists.openid.net; board-private at openid.net
> >> Subject: Functionally complete set of OpenID Connect specs
> >>
> >>
> >>
> >> I’m pleased to announce the release of a functionally complete set of
> >> OpenID Connect specifications. Remaining edits should consist of
> >> corrections, clarifications, and reorganization, rather than additions
> of
> >> significant new functionality. As such, these should now be ready for
> early
> >> feedback from and implementation by friendly developers. The specs are:
> >>
> >>
> >>
> >> OpenID Connect Core:
> http://openid.net/specs/openid-connect-core-1_0.html
> >>
> >> OpenID Connect UserInfo:
> >> http://openid.net/specs/openid-connect-userinfo-1_0.html
> >>
> >> OpenID Connect HTTP Redirect Binding:
> >> http://openid.net/specs/openid-connect-http-redirect-1_0.html
> >>
> >> OpenID Connect Discovery:
> >> http://openid.net/specs/openid-connect-discovery-1_0.html
> >>
> >> OpenID Connect Dynamic Client Registration:
> >> http://openid.net/specs/openid-connect-registration-1_0.html
> >>
> >> OpenID Connect Session Management:
> >> http://openid.net/specs/openid-connect-session-1_0.html
> >>
> >> OpenID Connect Framework:
> >> http://openid.net/specs/openid-connect-framework-1_0.html
> >>
> >>
> >>
> >> All are in SubVersion at
> >> http://svn.openid.net/repos/specifications/connect/1.0/.
> >>
> >>
> >>
> >> -- Mike
> >>
> >>
> >
> >
> > --
> > Eric Sachs | Senior Product Manager | esachs at google.com
> >
> > _______________________________________________
> > board-private mailing list
> > board-private at lists.openid.net
> > http://lists.openid.net/mailman/listinfo/openid-board-private
> >
> >
>
--
Eric Sachs | Senior Product Manager | esachs at google.com
_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-specs-ab
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110718/b350c7b4/attachment.html>
More information about the Openid-specs-ab
mailing list