[Openid-specs-ab] OpenID Connect Metadata and Dynamic Registration
John Bradley
ve7jtb at ve7jtb.com
Fri Nov 4 14:16:39 UTC 2011
Andreas,
The meta-data in the discovery spec has expanded, though it is still quite simply formatted, and there has been an expansion of the registration spec as well.
We should be releasing updated drafts shortly.
For the identity providers, meta-data should be relatively stable, and aggregation by a trusted source for verification of entity attributes (LoA etc) seems like it would work.
I don't know that we have enough experience with clients yet to know how to best represent all of the information, given some may only be JS in the browser.
Certainly some will be traditional Relying Parties, and verifying some of their attributes would be a good thing.
One of the related questions is how to represent "verified" clients like an RP vs an iPhone or other app that can't protect secrets.
One thing that was discussed at IIW was providing a master developer key that could be used in registration so that each client can create its own client_id.
I will be at euroCamp in December if you are attending.
Your thoughts are a good start. Once we have the core protocol working the way we want, we will need to spend more time on this.
Regards
John B.
On 2011-08-23, at 5:31 PM, Andreas Åkre Solberg wrote:
> While I read through the spec I tried to write down the things I thought would be useful to have in a metadata document.
>
> Here is what I have so far on metadata content:
>
> https://gist.github.com/1163089
>
> I also wrote down some thoughts on how the metadata can be used in the dynamic registration service, and how metadata can be automatically kept updated:
>
> https://github.com/andreassolberg/documents/blob/master/openidconnect/draft-solberg-openidconnect-clientregistration.md
>
> Has there been much work done on these aspects of OpenID Connect, and are there any others who are interested in this?
>
> Andreas