[Openid-specs-ab] Updated Core
Nat Sakimura
sakimura at gmail.com
Sun May 1 21:32:07 UTC 2011
Hi.
I have just updated the core.
HTML: http://openid4.us/specs/ab/openid-connect-core-1_0.html
The main diff is that I have moved the "openid" structure from the access token
response to UserInfo response.
The id_token response is still treated as an extension. It should probably be
incorporated in the core in the next rev.
One discussion point. When we are using JWS, "signed" actually contains
everything in the original response. Is it not redundant to return both?
Just returning "signed" as "access_token" should suffice?
One question: maybe better to send this to the OAuth list but... why does
the user-agent flow not use "code"?
If it does, the entire spec will be even more simple.
User-agent getting "access_token" directly instead of "code" and using that
"access_token" repeatedly on the resource seems to be a small amount of
optimization (one round-trip) with a lot of spec complication.
--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
http://twitter.com/_nat_en