[Openid-specs-ab] OpenID Connect Messages - what is a message?
Johnny Bufu
jbufu at janrain.com
Tue Sep 6 23:58:43 UTC 2011
The topic of the OpenID Messages document is "Messages". It would be
nice to have this term formally defined, to clarify what is and what is
not a "Message".

Looking at the introduction of the "Messages" section there is no
explicit definition for a message. The only reasonable assumption a
reader can make is that all requests addressed to and responses received
from the defined endpoints constitute "messages".

This becomes quite confusing given the statement made in section 2
Overview that "each message may be signed and encrypted" (and similarly
in section 6 Verification). All except the "check session" endpoint are
defined as OAuth 2.0 endpoints, which to my knowledge do not deal with
signed requests or responses. The tokens may be, but then are the tokens
the "messages" this document is talking about?

Johnny