[Openid-specs-ab] Basic profile section 2.2.6.1
Pamela Dingle
pdingle at pingidentity.com
Thu Jan 24 18:41:50 UTC 2013
Hi all,

We talked about basic profile section 2.2.6.1 on the call this morning,
and Mike agreed to add a bit more helpful text in there that echoes the
existing recommendation in RFC 6749 section 3.2 on using the authorization
header to authenticate the client vs. including client credentials in the
post body of the request sent to the endpoint.

On reading further, I think we could instead state that the possible ways
that the client can authenticate to the Access Token Endpoint are listed in
the Messages spec section 2.2.1, and that if a client is unsure which
client authentication methods are supported, they can refer to a given
openid provider's openid-configuration document, under the
token_endpoint_auth_methods_supported element (described in Discovery
section 3.2). The nice thing about referring to the messages and
discovery specs rather than directly to the OAuth spec is that it
introduces our simple vocabulary for the different types of client
authentication, gives us a place to insert more guidance in the future, and
also ties in the relationship with the discovery doc, so that if a
developer wants to be more sophisticated they know where to look.

Mike, if you've got something in bitbucket for this change let me know and
I'll put this into the ticket rather than into email, I just wanted to get
this on the record before I forgot.

Cheers,
Pamela
--
*Pamela Dingle* | Sr. Technical Architect
*Ping**Identity* | www.pingidentity.com
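The lookup described in the message above, as an added example that is not part of the original e-mail or of the OpenID specifications: a client reads `token_endpoint_auth_methods_supported` from a provider's openid-configuration document and sends its credentials in the Authorization header when the provider allows it, falling back to the post body otherwise. The provider URL, credentials, function names and preference order are assumptions made for illustration; the configuration document is a constructed sample.

```python
import base64
from urllib.parse import quote_plus, urlencode

# Constructed sample of an OpenID provider's openid-configuration document.
SAMPLE_CONFIG = {
    "issuer": "https://op.example.com",
    "token_endpoint": "https://op.example.com/token",
    "token_endpoint_auth_methods_supported": ["client_secret_post", "client_secret_basic"],
}

# Assumed client policy: Authorization header first, post body second.
PREFERENCE = ("client_secret_basic", "client_secret_post")

def choose_auth_method(config):
    """Pick the most preferred method that the provider advertises."""
    # Discovery defines client_secret_basic as the default when the element is omitted.
    supported = config.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    for method in PREFERENCE:
        if method in supported:
            return method
    raise ValueError(f"no usable client authentication method in {supported}")

def build_token_request(config, client_id, client_secret, code, redirect_uri):
    """Return (url, headers, body) for an authorization-code token request."""
    url = config["token_endpoint"]
    if not url.startswith("https://"):
        # Client credentials must never travel to a non-TLS endpoint.
        raise ValueError("token_endpoint is not an https URL")
    method = choose_auth_method(config)
    params = {"grant_type": "authorization_code", "code": code, "redirect_uri": redirect_uri}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if method == "client_secret_basic":
        # RFC 6749: form-urlencode the id and secret, then Base64 the "id:secret" pair.
        pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode()
    else:
        # client_secret_post: credentials go in the request body instead.
        params["client_id"] = client_id
        params["client_secret"] = client_secret
    return url, headers, urlencode(params)
```
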