[Openid-specs-ab] LoginId hint
George Fletcher
gffletch at aol.com
Fri Aug 31 16:36:27 UTC 2012
+1
On 8/30/12 8:39 PM, Breno de Medeiros wrote:
>
> +1
>
> On Aug 30, 2012 4:54 PM, "Nat Sakimura" <sakimura at gmail.com
> <mailto:sakimura at gmail.com>> wrote:
>
> I think we had similar discussion before and the result then was
> to signify that it is a hint through the parameter name. I support
> login_hint.
>
> =nat via iPhone
>
> On Aug 31, 2012, at 7:50 AM, Pam Dingle <pdingle at pingidentity.com
> <mailto:pdingle at pingidentity.com>> wrote:
>
>> I am worried that the name of "login_id" might be misinterpreted
>> to be authoritative rather than tentative.
>>
>> Could we change the parameter name to strongly indicate that this
>> is just a suggestion rather than an instruction? Something like
>> suggested_user or login_hint or chosen_id?
>>
>> Cheers,
>>
>> Pamela
>>
>> On Thu, Aug 30, 2012 at 11:01 AM, Breno de Medeiros
>> <breno at google.com <mailto:breno at google.com>> wrote:
>>
>>
>>
>>
>> On Thu, Aug 30, 2012 at 11:00 AM, Richer, Justin P.
>> <jricher at mitre.org <mailto:jricher at mitre.org>> wrote:
>>
>> As far as the spec is concerned, that's up to the IdP. A
>> "Smart" IdP might prompt the user with something like:
>>
>> "You are logging in to site X who thinks you're Bob, but
>> you're logged in as Alice. Click here to log in as Bob
>> instead."
>>
>>
>> Well, it might be useful to give RPs some expectations. For
>> instance, RPs should be expecting the case where they supply
>> a login_id but receive a session authenticated to a different
>> user.
>>
>>
>> -- Justin
>>
>> On Aug 30, 2012, at 1:52 PM, Breno de Medeiros wrote:
>>
>>> Consider the case where partners share a computer, or a
>>> user has a personal account and a professional account
>>> with the same IDP. If the currently logged-in user is
>>> different from the suggested user via login_id, what are
>>> the expectations?
>>>
>>>
>>> On Thu, Aug 30, 2012 at 7:55 AM, Justin Richer
>>> <jricher at mitre.org <mailto:jricher at mitre.org>> wrote:
>>>
>>> Ryo,
>>>
>>> We talked about this on the call this morning. Right
>>> now, we're saying that it's RECOMMENDED that they
>>> have the same value, but it's not required. Since
>>> there are currently two discovery setups (SWD and
>>> Webfinger/XRD) that use different parameter names,
>>> it might be a moot point to try and match those.
>>>
>>> -- Justin
>>>
>>>
>>> On 08/30/2012 01:28 AM, Ryo Ito wrote:
>>>> Do the principal parameter at discovery request and
>>>> login_id parameter have same value?
>>>> If it is Yes, the unification of the parameter name
>>>> or reference will help developers.
>>>>
>>>> Thanks,
>>>> Ryo
>>>>
>>>> 2012/8/30 George Fletcher <gffletch at aol.com
>>>> <mailto:gffletch at aol.com>>
>>>>
>>>> How about adding the following to section 2.1.2
>>>> of Messages... after the id_token parameter
>>>>
>>>> login_id
>>>> OPTIONAL. A hint to the authorization
>>>> service as to the login_id the user may use to
>>>> authenticate (if necessary). This hint can be
>>>> used by an RP if it first asks the user for
>>>> their email address (or other identifier) and
>>>> then wants to pass that value as a hint to the
>>>> discovered authorization service.
>>>>
>>>> Thanks,
>>>> George
>>>>
>>>> On 8/29/12 2:00 PM, Nat Sakimura wrote:
>>>>> Hey, now I am getting the support!
>>>>>
>>>>> Could one of you provide the actual text
>>>>> proposal for it?
>>>>>
>>>>> =nat via iPhone
>>>>>
>>>>> On Aug 30, 2012, at 1:40 AM, Chuck Mortimore
>>>>> <cmortimore at salesforce.com
>>>>> <mailto:cmortimore at salesforce.com>> wrote:
>>>>>
>>>>>> +1
>>>>>>
>>>>>> - cmort
>>>>>>
>>>>>> On Aug 29, 2012, at 9:26 AM, "Pam Dingle"
>>>>>> <pdingle at pingidentity.com
>>>>>> <mailto:pdingle at pingidentity.com>> wrote:
>>>>>>
>>>>>>> +1 from me too - need this for account
>>>>>>> chooser, among other things.
>>>>>>>
>>>>>>> On Wed, Aug 29, 2012 at 8:39 AM, Richer,
>>>>>>> Justin P. <jricher at mitre.org
>>>>>>> <mailto:jricher at mitre.org>> wrote:
>>>>>>>
>>>>>>> +1, I've asked for this feature too.
>>>>>>>
>>>>>>> -- Justin
>>>>>>>
>>>>>>> On Aug 29, 2012, at 11:27 AM, George
>>>>>>> Fletcher wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> We've run into a case where it would be
>>>>>>>> nice to be able to pass into the
>>>>>>>> /authorize endpoint a value to pre-fill
>>>>>>>> the loginid field on the authentication
>>>>>>>> UI. We allow for an id_token to be
>>>>>>>> passed as a hint of the desired user,
>>>>>>>> but this only works for an "already
>>>>>>>> authenticated" use case.
>>>>>>>>
>>>>>>>> If we consider the Account Chooser case
>>>>>>>> where what is stored is the user's
>>>>>>>> email address, it would be nice to be
>>>>>>>> able to start the identity federation
>>>>>>>> flow passing that email address along
>>>>>>>> to the IdP.
>>>>>>>>
>>>>>>>> Did I just miss support for this in the
>>>>>>>> specs?
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> George
>>>>>>>> --
>>>>>>>> Chief Architect AIM: gffletch
>>>>>>>> Identity Services Engineering Work:george.fletcher at teamaol.com <mailto:george.fletcher at teamaol.com>
>>>>>>>> AOL Inc. Home:gffletch at aol.com <mailto:gffletch at aol.com>
>>>>>>>> Mobile:+1-703-462-3494 <tel:%2B1-703-462-3494> Blog:http://practicalid.blogspot.com <http://practicalid.blogspot.com/>
>>>>>>>> Office:+1-703-265-2544 <tel:%2B1-703-265-2544> Twitter:http://twitter.com/gffletch
>>>>>>>> _______________________________________________
>>>>>>>> Openid-specs-ab mailing list
>>>>>>>> Openid-specs-ab at lists.openid.net
>>>>>>>> <mailto:Openid-specs-ab at lists.openid.net>
>>>>>>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Openid-specs-ab mailing list
>>>>>>> Openid-specs-ab at lists.openid.net
>>>>>>> <mailto:Openid-specs-ab at lists.openid.net>
>>>>>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> *Pamela Dingle* | Sr. Technical Architect
>>>>>>> *Ping**Identity* | www.pingidentity.com
>>>>>>> <http://www.pingidentity.com/>
>>>>>>> - - - - - - - - - - - - - - - - - - - - - -
>>>>>>> - - - - - - - - - - - - - - - - - -
>>>>>>> *O:* 303-999-5890 <tel:303-999-5890> *M:*
>>>>>>> 303-999-5890 <tel:303-999-5890>
>>>>>>> *Email:* pdingle at pingidentity.com
>>>>>>> <mailto:pdingle at pingidentity.com>
>>>>>>> - - - - - - - - - - - - - - - - - - - - - -
>>>>>>> - - - - - - - - - - - - - - - - - -
>>>>>>> *Connect with Ping*
>>>>>>> Twitter: @pingidentity
>>>>>>> LinkedIn Group: Ping's Identity Cloud
>>>>>>> Facebook.com/pingidentitypage
>>>>>>> <http://Facebook.com/pingidentitypage>
>>>>>>>
>>>>>>> *Connect with me*
>>>>>>> Twitter: @pamelarosiedee
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Openid-specs-ab mailing list
>>>>>>> Openid-specs-ab at lists.openid.net
>>>>>>> <mailto:Openid-specs-ab at lists.openid.net>
>>>>>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>>>> _______________________________________________
>>>>>> Openid-specs-ab mailing list
>>>>>> Openid-specs-ab at lists.openid.net
>>>>>> <mailto:Openid-specs-ab at lists.openid.net>
>>>>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Openid-specs-ab mailing list
>>>>> Openid-specs-ab at lists.openid.net <mailto:Openid-specs-ab at lists.openid.net>
>>>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>>
>>>>
>>>> _______________________________________________
>>>> Openid-specs-ab mailing list
>>>> Openid-specs-ab at lists.openid.net
>>>> <mailto:Openid-specs-ab at lists.openid.net>
>>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> ====================
>>>> Ryo Ito
>>>> Email : ritou.06 at gmail.com <mailto:ritou.06 at gmail.com>
>>>> ====================
>>>>
>>>>
>>>> _______________________________________________
>>>> Openid-specs-ab mailing list
>>>> Openid-specs-ab at lists.openid.net <mailto:Openid-specs-ab at lists.openid.net>
>>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>
>>>
>>> _______________________________________________
>>> Openid-specs-ab mailing list
>>> Openid-specs-ab at lists.openid.net
>>> <mailto:Openid-specs-ab at lists.openid.net>
>>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>>
>>>
>>>
>>>
>>> --
>>> --Breno
>>>
>>
>>
>>
>>
>> --
>> --Breno
>>
>>
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> <mailto:Openid-specs-ab at lists.openid.net>
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>>
>>
>>
>>
>> --
>> *Pamela Dingle* | Sr. Technical Architect
>> *Ping**Identity* | www.pingidentity.com
>> <http://www.pingidentity.com>
>> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>> - - - - - - -
>> *O:* 303-999-5890 <tel:303-999-5890> *M:* 303-999-5890
>> <tel:303-999-5890>
>> *Email:* pdingle at pingidentity.com <mailto:pdingle at pingidentity.com>
>> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>> - - - - - - -
>> *Connect with Ping*
>> Twitter: @pingidentity
>> LinkedIn Group: Ping's Identity Cloud
>> Facebook.com/pingidentitypage <http://Facebook.com/pingidentitypage>
>>
>> *Connect with me*
>> Twitter: @pamelarosiedee
>>
>>
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> <mailto:Openid-specs-ab at lists.openid.net>
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
--
Chief Architect AIM: gffletch
Identity Services Engineering Work: george.fletcher at teamaol.com
AOL Inc. Home: gffletch at aol.com
Mobile: +1-703-462-3494 Blog: http://practicalid.blogspot.com
Office: +1-703-265-2544 Twitter: http://twitter.com/gffletch
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20120831/b1374325/attachment.html>
More information about the Openid-specs-ab
mailing list