[Openid-specs-ab] Spec call notes 27-Sep-12
Roland Hedberg
roland.hedberg at adm.umu.se
Sat Sep 29 16:32:11 UTC 2012
On 27 Sep 2012 at 11:31, Roland Hedberg <roland.hedberg at adm.umu.se> wrote:
>
> On 27 Sep 2012 at 17:15, Mike Jones <Michael.Jones at microsoft.com> wrote:
>
>> Mike would like to see a mobile phone application being tested
>> Nat will try to find someone to work on this
>> Roland said that you have to catch and handle the redirect
>> Roland said that you have to manage cookies as well
>> There may be different cookies between the OP and RP versus the OP and the browser
>> Nat and George said that it would be better to not use cookies in this case and just use the ID Token
>
> Just to be clear this is not a choice the mobile phone app makes, it's a decision made by the OP implementor.
Oh, and by the way, the problem with a client in a non-web application environment is not the handling of redirects and/or cookies.
It is the authentication of the user.
The same problem applies to SAML ECP, where the present solution seems to be HTTP basic auth with the user's uid/password or personal certificate.
-- Roland
------------------------------------------------------
Roland Hedberg
IT Architect/Senior Researcher
ICT Services and System Development (ITS)
Umeå University
SE-901 87 Umeå, Sweden
Phone +46 90 786 68 44
Mobile +46 70 696 68 44
www.its.umu.se