[Openid-specs-ab] Updated Core
Chuck Mortimore
cmortimore at salesforce.com
Sun May 1 23:23:19 UTC 2011
On Sun, May 1, 2011 at 2:32 PM, Nat Sakimura <sakimura at gmail.com> wrote:
> Hi.
>
> I have just updated the core.
>
> HTML: http://openid4.us/specs/ab/openid-connect-core-1_0.html
>
> Main diff is that I have moved the "openid" structure from the access token
> response to UserInfo response.
> The id_token response is still treated as extension. It should probably be
> incorporated in the core in the next rev.
>
> One discussion point. When we are using JWS, "signed" actually contains
> everything in the original response. Is it not redundant to return both?
> Just returning "signed" as "access_token" should suffice?
>
> One question: maybe better to send this to OAuth list but... why does not
> the user-agent flow use "code"?
> If it does, the entire spec will be even more simple.
> User-agent getting "access_token" directly instead of "code" and using that
> "access_token" repeatedly on the resource seem to be a small amount of
> optimization (one round-trip) with a lot of spec complication.
>
It's for clients that can't secure secrets, and/or have difficulty making
cross domain calls, such as javascript based clients.
-cmort
>
> --
> Nat Sakimura (=nat)
> http://www.sakimura.org/en/
> http://twitter.com/_nat_en
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110501/09558182/attachment.html>
More information about the Openid-specs-ab
mailing list