[Openid-specs-ab] Few more connect comments.
Chuck Mortimore
cmortimore at salesforce.com
Tue Jul 19 06:00:15 UTC 2011
On 7/18/11 11:57 PM, "Nat Sakimura" <sakimura at gmail.com> wrote:
On Tue, Jul 19, 2011 at 2:42 PM, Chuck Mortimore <cmortimore at salesforce.com> wrote:
Few more comments:
http-redirect: Can you only get an id_token with the request method?
You should be able to get even in query string method.
session 3.2.3: We should consider how this relates to the token revocation draft, given both Google and Salesforce will be shipping
Good point. Could you point me to the relevant doc/section?
http://tools.ietf.org/html/draft-lodderstedt-oauth-revocation-02
Google and ourselves both have added jsonp support as well.
client-registration 4.1: would like to see PEM encoded x509 as an option for clients that can't host a jwk
Good. I wanted that as well. Actually, it went missing among editing, I guess. I remember it was there at some point and there were no decisions to remove it.
client-registration: I believe we need to protect the service itself with oauth - almost all of us have applications owned by a developer account, and hence we need some authentication to perform the binding to that account
I think the authn should be optional. To be truly dynamic, we should not require pre-registration of the developer account.
Agreed, but it's not covered at all at the moment. None of the current providers would know how to serve an admin interface for the resulting clients.
-cmort