[Openid-specs-ab] UserInfoEndpoint, ClaimsEndpoint, Discovery, and friends
Breno de Medeiros
breno at google.com
Fri Apr 22 21:03:35 UTC 2011
There was much discussion in the most recent call about where we fit
the UserInfoEndpoint, the ClaimsEndpoint, etc.

The current proposal is to have the UserInfoEndpoint return user
attributes as asserted by the Identity Provider/Server and have a
separate endpoint that can be queried about claims that the IDP has
aggregated. Chuck provided a concrete example in use by Salesforce,
and there are also some industry efforts to use address claims issued
by national entities in various countries.

If the claims and services are to be obtained through 4th parties
(i.e., not aggregated by the IDP but directly fetched from other
parties) then how do we discover where to find the services/claim
providers (and probably obtain a token for them at the same time)?

I am not sure yet that we have a proposal that is both simple enough
and flexible enough to satisfy known use cases. A possible topic of
discussion for the next meeting?