[Openid-specs-ab] Native SSO for Mobile Apps - draft 7 published

Vladimir Dzhuvinov / Connect2id vladimir at connect2id.com
Thu Jan 23 07:31:17 UTC 2025


Thanks George for publishing draft 07.

My preference would be to revisit the spec, in view of removing the ID 
token dependency in the token exchange. This will have the useful side 
effect of "freeing up" one of the token exchange slots, which is 
currently taken up by the ID token. But let's give that some time and have 
some rest now, and simply enjoy the progress that was made :)

Thanks,

Vladimir

On 21/01/2025 21:00, George Fletcher via Openid-specs-ab wrote:
> Hi,
>
> We've published draft 7 of the Native SSO for Mobile Apps 
> specification. This closes all open issues.  You can find the 
> latest version here:
>
> https://openid.net/specs/openid-connect-native-sso-1_0.html
>
> Feedback greatly appreciated!
>
> Finally, in some of our working group calls, there have been concerns 
> raised regarding this specification's use of id_tokens as well as 
> other feedback that the id_token isn't really necessary.
>
> I see two options to move forward:
> 1. We vote the current specification as final and say it's good enough
> 2. We look to revisit the specification and make significant breaking 
> changes to remove the dependency on the id_token as well as update the 
> draft to take advantage of other security measures formulated since 
> this specification was first introduced.
>
> I'd appreciate feedback on which direction you think we should take.
>
> Thanks,
> George