[Openid-specs-ab] UserInfo endpoint -- FB's suggestion
Mike Jones
Michael.Jones at microsoft.com
Thu Jun 2 22:27:14 UTC 2011
Thanks for having this discussion Breno and David! I agree that there are more commonalities than differences.
Comparing Edmund's write-up and Breno's, these schema elements are also missing from the Facebook proposal: phone number, address, and timezone. Presumably these can be added -- especially since we already have the policy that IdPs are free to not return some elements for privacy reasons.
I assume that the data formats for the values are intended to be those used by Facebook where there is a clear correspondence? Fine by me -- we'd just have to nail down the exact data representations for things like gender and locale.
Others thoughts?
-- Mike
-----Original Message-----
From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Breno de Medeiros
Sent: Thursday, June 02, 2011 2:54 PM
To: Edmund Jay
Cc: openid-specs-ab at lists.openid.net; David Recordon
Subject: Re: [Openid-specs-ab] UserInfo endpoint -- FB's suggestion
An initial remark to get this started:
The specific format of request/response is less important than ensuring wide adoption and interop for what are very simple (but
valuable) attribute types.
Points of agreement in the proposals are more significant than the points of disagreement:
- OAuth2 protected resource as the interaction pattern with the endpoint
- attribute set (any differences are covered by the language that says IDPs are not required to provide all attributes)
- how to request specific attributes
- JSON representation
Disagreement:
- Parameter names
- Parameter values in the IIW proposal can be different than string
On Thu, Jun 2, 2011 at 14:45, Edmund Jay <ejay at mgi1.com> wrote:
>
> Sorry, I forgot to attach the draft.
>
> -- Edmund
>
> ________________________________
> From: "ejspm-openidab at yahoo.com" <ejspm-openidab at yahoo.com>
> To: Breno de Medeiros <breno at google.com>; "openid-specs-ab at lists.openid.net"
> <openid-specs-ab at lists.openid.net>
> Cc: David Recordon <dr at fb.com>
> Sent: Thu, June 2, 2011 2:34:15 PM
> Subject: Re: [Openid-specs-ab] UserInfo endpoint -- FB's suggestion
>
> Hi,
>
> I'm attaching a draft of the Userinfo endpoint schema that a couple of
> us worked on which reflects the consensus that was reached at IIW 2011.
>
> -- Edmund
>
>
> ________________________________
> From: Breno de Medeiros <breno at google.com>
> To: "openid-specs-ab at lists.openid.net"
> <openid-specs-ab at lists.openid.net>
> Cc: David Recordon <dr at fb.com>
> Sent: Thu, June 2, 2011 1:32:44 PM
> Subject: [Openid-specs-ab] UserInfo endpoint -- FB's suggestion
>
> Some Googlers went on a trek to Facebook HQ to talk about UserInfo
> endpoint schema. That's the counter-proposal that FB put forward for
> the UserInfo endpoint (FBers, please scream if I mis-represent).
>
> id - global user id
> name (name in a displayable form including all name parts in the order
> compatible with user's locale and preferences).
> given_name
> family_name
> profile - URL of profile
> picture - URL of picture
> email
> gender
> birthday (I think in yyyy-mm-dd format?) locale (xx-XX ??) verified
> (boolean indicating verification status of email)
>
> --
> --Breno
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
--
--Breno
_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-specs-ab
More information about the Openid-specs-ab
mailing list