[Openid-specs-ab] Few more connect comments.
Chuck Mortimore
cmortimore at salesforce.com
Tue Jul 19 05:42:32 UTC 2011
Few more comments:
http-redirect: Can you only get an id_token with the request method?
session 3.2.3: We should consider how this relates to the token revocation draft, given both Google and Salesforce will be shipping
client-registration 4.1: would like to see PEM encoded x509 as an option for clients that can't host a jwk
client-registration: I believe we need to protect the service itself with oauth - almost all of us have applications owned by a developer account, and hence we need some authentication to perform the binding to that account
-cmort
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110718/afb55717/attachment.html>
More information about the Openid-specs-ab
mailing list