[Openid-specs-ab] newbie must be confused at assertion
hideki nara
hdknr at ic-tact.co.jp
Wed Sep 7 19:08:29 UTC 2011
Hi all,
In draft 04 of Message(
http://openid.net/specs/openid-connect-messages-1_0.html),
"1. Terminology" generically says:
Assertion
A set of Claims about the End-User that are attested to by the
OpenID Provider and Resource Servers.
"3.2.1. Access Token Request" describes as a parameter such as a
"refresh token":
The client obtains an access token by authenticating with the
authorization server and presenting its access grant (in the form of
an authorization code, resource owner credentials, an assertion, or a
refresh token).
"3.2.2. Access Token Response" describes as a concrete entity as
"Positive Assertion" which includes "Access Token" :
After receiving and verifying a valid and authorized Access Token
Request from the client, the Authorization Server returns a Positive
Assertion that includes an Access Token and an ID Token.
I think newbies will confuse. Actually I can't tell my friend exactly
what Assertion in Connect means and how differ from OpenID 2.0
Assertion.
Or simply I must fail to catch the meaning of English word
"assertion" properly...
---
hdknr
More information about the Openid-specs-ab
mailing list