[Openid-specs-ab] [board-private] OpenID Connect Launch Commencement

Eric Sachs esachs at google.com
Sun Jul 17 19:00:24 UTC 2011


Short answer is this is the most we could get working and documented before
tomorrow :-)

But as I mentioned, we don't plan to formally "launch" this feature set
because there are still many things to do, including the items you noted.

On Sun, Jul 17, 2011 at 11:47 AM, David Recordon <recordond at gmail.com>wrote:

> Hey Eric, a few questions.
>
> On http://oauthssodemo.appspot.com/step/1 it seems like the scopes are
> custom Google URLs for userinfo.email and userinfo.profile. Shouldn't
> we have a common set of scopes for the core profile data given how
> much of an issue it's been so far with providers all offerring
> different amounts of data? Also thought that "openid" was one of the
> required scopes?
>
> Shouldn't the backend request of
> http://oauthssodemo.appspot.com/step/2 be over SSL? Right now it looks
> like the user's browser is sending the access token down to the server
> in the clear. Or this is the code and token flow being discussed on
> the OAuth list where the browser passes a code down to the server in
> the clear versus the access token since the code requires the app
> secret in order for it to be turned into an access token.
>
> Why is a backend request to the server required to validate the access
> token and determine who the user is in step 3? Step 4 is then a second
> backend request to the userinfo API. Given the example code I'm
> effectively making three requests from when the JS gets the token to
> when I have enough data to log the user in. :-\
>
> Thanks,
> --David
>
>
> On Sun, Jul 17, 2011 at 8:58 AM, Eric Sachs <esachs at google.com> wrote:
> >>> Contacting friendly developers to begin implementations and feedback
> >>> based upon their implementation work
> > Google's OpenIDConnect endpoint is now live in production, and we have a
> > sample RP that shows the code required to use it at:
> >
> > http://oauthssodemo.appspot.com/step/1
> >
> > We have sent the config details for our endpoint to a few
> developers/vendors
> > to let them start integrating with it, though we are not trying to
> formally
> > announce it's availability at this time.
> > We will show it at the workshops Google is running Monday & Tuesday
> > afternoon.  The presenters at the Tuesday OIDF summit can use it as well
> if
> > it helps.
> >
> > On Thu, Jul 7, 2011 at 11:11 PM, Mike Jones <Michael.Jones at microsoft.com
> >
> > wrote:
> >>
> >> At this point we are ready to begin the OpenID Connect launch.  Don,
> >> should we have a planning call among the launch owners in the next few
> days
> >> to plan the rollout steps?
> >>
> >>
> >>
> >> Steps we’re already taking:
> >>
> >> ·        Contacting friendly developers to begin implementations and
> >> feedback based upon their implementation work
> >>
> >> ·        Write a one-page overview of the OpenID Connect specs.  (Pamela
> >> Dingle has volunteered to write this by tomorrow/Friday.)
> >>
> >> Steps we should take soon:
> >>
> >> ·        Add links to Connect specs from
> >> http://openid.net/developers/specs/.  (Mike to investigate.)
> >>
> >> ·        Update content on openidconnect.com to refer to the actual
> OpenID
> >> Connect specs, archiving the previous proposal.  (John Bradley already
> owns
> >> this.)
> >>
> >> ·        Send a note like the one below to specs at openid.net and
> >> board at openid.net and posted on OpenID blog announcing this milestone.
> >> (Allen, do you want to be the one to do this?  I assume we should wait
> for
> >> the overview document to be posted before doing this?)
> >>
> >>
> >>
> >> Any other thoughts or suggestions?
> >>
> >>
> >>
> >>                                                             -- Mike
> >>
> >>
> >>
> >> From: Mike Jones
> >> Sent: Thursday, July 07, 2011 2:12 PM
> >> To: openid-specs-ab at lists.openid.net; board-private at openid.net
> >> Subject: Functionally complete set of OpenID Connect specs
> >>
> >>
> >>
> >> I’m pleased to announce the release of a functionally complete set of
> >> OpenID Connect specifications.  Remaining edits should consist of
> >> corrections, clarifications, and reorganization, rather than additions
> of
> >> significant new functionality.  As such, these should now be ready for
> early
> >> feedback from and implementation by friendly developers.  The specs are:
> >>
> >>
> >>
> >> OpenID Connect Core:
> http://openid.net/specs/openid-connect-core-1_0.html
> >>
> >> OpenID Connect UserInfo:
> >> http://openid.net/specs/openid-connect-userinfo-1_0.html
> >>
> >> OpenID Connect HTTP Redirect Binding:
> >> http://openid.net/specs/openid-connect-http-redirect-1_0.html
> >>
> >> OpenID Connect Discovery:
> >> http://openid.net/specs/openid-connect-discovery-1_0.html
> >>
> >> OpenID Connect Dynamic Client Registration:
> >> http://openid.net/specs/openid-connect-registration-1_0.html
> >>
> >> OpenID Connect Session Management:
> >> http://openid.net/specs/openid-connect-session-1_0.html
> >>
> >> OpenID Connect Framework:
> >>  http://openid.net/specs/openid-connect-framework-1_0.html
> >>
> >>
> >>
> >> All are in SubVersion at
> >> http://svn.openid.net/repos/specifications/connect/1.0/.
> >>
> >>
> >>
> >>                                                                 -- Mike
> >>
> >>
> >
> >
> > --
> > Eric Sachs | Senior Product Manager | esachs at google.com
> >
> > _______________________________________________
> > board-private mailing list
> > board-private at lists.openid.net
> > http://lists.openid.net/mailman/listinfo/openid-board-private
> >
> >
>



-- 
Eric Sachs | Senior Product Manager | esachs at google.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110717/a889c2df/attachment-0001.html>


More information about the Openid-specs-ab mailing list