[Openid-specs-ab] Agenda addition for today's call
John Bradley
ve7jtb at ve7jtb.com
Wed Jun 22 23:06:26 UTC 2011
Go ahead, send me the changes.
John B.
On 2011-06-22, at 7:04 PM, Mike Jones wrote:
> This is good enough as-is that I’m going to check it into SVN and put it on openid.net/specs after a few editorial changes to make it more like the other docs.
>
> Speak now if any of you want me to hold off for any reason…
>
> -- Mike
>
> From: John Bradley [mailto:ve7jtb at ve7jtb.com]
> Sent: Monday, June 20, 2011 2:52 PM
> To: Mike Jones
> Cc: Nat Sakimura; openid-specs-ab at lists.openid.net
> Subject: Re: [Openid-specs-ab] Agenda addition for today's call
>
> For discussion:
>
> Dynamic client registration and secret rotation.
>
> Thinking about it, It makes more sense to have the IdP configuration information as part of registration.
>
> One flow could be having a RP go to a web page and do a manual registration, then plug in their client_id, client_secret, return_to, and Idp client registration endpoint into their software and have it do a refresh to get the other parameters.
>
> I suspect that the Client Registration endpoint will need to also be the issuer_id. Without introducing a post authentication discovery step we need to map the signature on the session token back to a shared secret (or public key) If we allow the other endpoints to be on other domains potentially, that leaves the registration one as the likely choice.
>
> John B.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110622/dc70aa5b/attachment.html>
More information about the Openid-specs-ab
mailing list