[Openid-specs-ab] Few more connect comments.

Nat Sakimura sakimura at gmail.com
Tue Jul 19 05:57:20 UTC 2011


On Tue, Jul 19, 2011 at 2:42 PM, Chuck Mortimore
<cmortimore at salesforce.com> wrote:

>  Few more comments:
>
> http-redirect:  Can you only get an id_token with the request method?
>

You should be able to get it even in the query string method.


>
> session 3.2.3: We should consider how this relates to the token revocation
> draft, given both Google and Salesforce will be shipping
>

Good point. Could you point me to the relevant doc/section?


>
> client-registration 4.1: would like to see PEM encoded x509 as an option
> for clients that can't host a jwk
>

Good. I wanted that as well. Actually, it went missing during editing, I
guess. I remember it was there at some point and there were no decisions to
remove it.


>
> client-registration: I believe we need to protect the service itself with
> oauth - almost all of us have applications owned by a developer account, and
> hence we need some authentication to perform the binding to that account
>

I think the authn should be optional. To be truly dynamic, we should not
require pre-registration of the developer account.


> -cmort
>


-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en