[Openid-specs-ab] [board-private] OpenID Connect Launch Commencement

David Recordon recordond at gmail.com
Sun Jul 17 18:47:55 UTC 2011


Hey Eric, a few questions.

On http://oauthssodemo.appspot.com/step/1 it seems like the scopes are
custom Google URLs for userinfo.email and userinfo.profile. Shouldn't
we have a common set of scopes for the core profile data given how
much of an issue it's been so far with providers all offering
different amounts of data? Also thought that "openid" was one of the
required scopes?

Shouldn't the backend request of
http://oauthssodemo.appspot.com/step/2 be over SSL? Right now it looks
like the user's browser is sending the access token down to the server
in the clear. Or this is the code and token flow being discussed on
the OAuth list where the browser passes a code down to the server in
the clear versus the access token since the code requires the app
secret in order for it to be turned into an access token.

Why is a backend request to the server required to validate the access
token and determine who the user is in step 3? Step 4 is then a second
backend request to the userinfo API. Given the example code I'm
effectively making three requests from when the JS gets the token to
when I have enough data to log the user in. :-\

Thanks,
--David


On Sun, Jul 17, 2011 at 8:58 AM, Eric Sachs <esachs at google.com> wrote:
>>> Contacting friendly developers to begin implementations and feedback
>>> based upon their implementation work
> Google's OpenIDConnect endpoint is now live in production, and we have a
> sample RP that shows the code required to use it at:
>
> http://oauthssodemo.appspot.com/step/1
>
> We have sent the config details for our endpoint to a few developers/vendors
> to let them start integrating with it, though we are not trying to formally
> announce its availability at this time.
> We will show it at the workshops Google is running Monday & Tuesday
> afternoon.  The presenters at the Tuesday OIDF summit can use it as well if
> it helps.
>
> On Thu, Jul 7, 2011 at 11:11 PM, Mike Jones <Michael.Jones at microsoft.com>
> wrote:
>>
>> At this point we are ready to begin the OpenID Connect launch.  Don,
>> should we have a planning call among the launch owners in the next few days
>> to plan the rollout steps?
>>
>>
>>
>> Steps we’re already taking:
>>
>> · Contacting friendly developers to begin implementations and
>> feedback based upon their implementation work
>>
>> · Write a one-page overview of the OpenID Connect specs.  (Pamela
>> Dingle has volunteered to write this by tomorrow/Friday.)
>>
>> Steps we should take soon:
>>
>> · Add links to Connect specs from
>> http://openid.net/developers/specs/.  (Mike to investigate.)
>>
>> · Update content on openidconnect.com to refer to the actual OpenID
>> Connect specs, archiving the previous proposal.  (John Bradley already owns
>> this.)
>>
>> · Send a note like the one below to specs at openid.net and
>> board at openid.net and posted on OpenID blog announcing this milestone.
>> (Allen, do you want to be the one to do this?  I assume we should wait for
>> the overview document to be posted before doing this?)
>>
>>
>>
>> Any other thoughts or suggestions?
>>
>>
>>
>>                                                             -- Mike
>>
>>
>>
>> From: Mike Jones
>> Sent: Thursday, July 07, 2011 2:12 PM
>> To: openid-specs-ab at lists.openid.net; board-private at openid.net
>> Subject: Functionally complete set of OpenID Connect specs
>>
>>
>>
>> I’m pleased to announce the release of a functionally complete set of
>> OpenID Connect specifications.  Remaining edits should consist of
>> corrections, clarifications, and reorganization, rather than additions of
>> significant new functionality.  As such, these should now be ready for early
>> feedback from and implementation by friendly developers.  The specs are:
>>
>>
>>
>> OpenID Connect Core:  http://openid.net/specs/openid-connect-core-1_0.html
>>
>> OpenID Connect UserInfo:
>> http://openid.net/specs/openid-connect-userinfo-1_0.html
>>
>> OpenID Connect HTTP Redirect Binding:
>> http://openid.net/specs/openid-connect-http-redirect-1_0.html
>>
>> OpenID Connect Discovery:
>> http://openid.net/specs/openid-connect-discovery-1_0.html
>>
>> OpenID Connect Dynamic Client Registration:
>> http://openid.net/specs/openid-connect-registration-1_0.html
>>
>> OpenID Connect Session Management:
>> http://openid.net/specs/openid-connect-session-1_0.html
>>
>> OpenID Connect Framework:
>>  http://openid.net/specs/openid-connect-framework-1_0.html
>>
>>
>>
>> All are in SubVersion at
>> http://svn.openid.net/repos/specifications/connect/1.0/.
>>
>>
>>
>>                                                                 -- Mike
>>
>>
>
>
> --
> Eric Sachs | Senior Product Manager | esachs at google.com
>
>
>
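
Added example, not part of the original thread and not code from Google's demo or the OpenID Connect specs: a toy in-memory authorization server illustrating the code-versus-token point raised in the first reply above, where a code is only redeemable by a caller holding the app secret while an access token is a bearer credential. The class, client id, secret, redirect URI and lifetime are all constructed placeholders.

```python
import hmac
import secrets
import time

# Constructed client registration; id, secret and redirect URI are placeholders.
CLIENTS = {"demo-rp": {"secret": "s3cr3t-placeholder", "redirect_uri": "https://rp.example/cb"}}
CODE_TTL = 60  # seconds a code stays redeemable (assumed value)


class AuthServer:
    """Toy authorization server: issues codes and redeems them for bearer tokens."""

    def __init__(self):
        self.codes = {}   # code -> (client_id, user, expiry)
        self.tokens = {}  # access token -> user

    def issue_code(self, client_id, user, now=None):
        now = time.time() if now is None else now
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, user, now + CODE_TTL)
        return code

    def exchange(self, code, client_id, client_secret, redirect_uri, now=None):
        """Redeem a code; returns an access token, or None on any failed check."""
        now = time.time() if now is None else now
        client = CLIENTS.get(client_id)
        if client is None or not hmac.compare_digest(client["secret"], client_secret):
            return None  # caller cannot prove it is the registered app
        if redirect_uri != client["redirect_uri"]:
            return None
        entry = self.codes.pop(code, None)  # pop makes the code single-use
        if entry is None or entry[0] != client_id or entry[2] < now:
            return None  # unknown, replayed, wrong-client or expired code
        token = secrets.token_urlsafe(24)
        self.tokens[token] = entry[1]
        return token

    def userinfo(self, token):
        """Bearer semantics: whoever presents a valid token gets the user."""
        return self.tokens.get(token)


def demo():
    srv = AuthServer()
    code = srv.issue_code("demo-rp", "alice")
    observer = srv.exchange(code, "demo-rp", "guess", "https://rp.example/cb")
    token = srv.exchange(code, "demo-rp", "s3cr3t-placeholder", "https://rp.example/cb")
    replay = srv.exchange(code, "demo-rp", "s3cr3t-placeholder", "https://rp.example/cb")
    return observer, srv.userinfo(token), replay
```

The userinfo lookup takes nothing but the token, which is why the hop that carries an access token needs transport protection regardless of how the code hop is handled.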

