[Openid-specs-ab] Lite Draft 8

Allen Tom allentomdude at gmail.com
Tue Aug 16 19:55:01 UTC 2011


Based on my feedback, and also from what I read from George and Johnny, it
sounds like the id_token should either be removed from the Lite spec (is it
really required for a Lite implementation? It appears to be an optimization)
or perhaps if it needs to stay in the spec, then it should be definitely
better documented.

The id_token definition in Section 2 says that it's opaque in the Lite
profile, which at least to me, means that implementors can ignore it.  I've
heard that other OAuth2 based APIs have equivalents of the id_token. Can
someone point me at some public documentation from other implementations?

Thanks
Allen


On Fri, Aug 12, 2011 at 1:29 PM, George Fletcher <gffletch at aol.com> wrote:

>  I've attached a pdf of with my comments on Lite draft 8. It appears that
> some of these were discussed on the call yesterday. Please ignore those if a
> resolution has been reached.
>
> Thanks,
> George
>
> On 8/11/11 2:57 PM, John Bradley wrote:
>
> Updated lite.
>
> The introspection endpoint is renamed to be consistent with session management.  I think the name is clearer for the function.
>
> Per my discussion with Breno I made it clear that it is a OAuth 2 protected resource per the spec and not something special.
>
> That required removing the text about it being possible to overload it on the token endpoint.  That probably is not a good idea as they now have different security.
>
> I referenced session management and the full spec to redirect people to there for a fuller explanation.
>
> PPID is only mentioned in security considerations.
> We should discuss if it should be in the lite spec.
> Some IdP will use PPID by default.  I think a discussion of how that should be calculated needs to be included otherwise RP will be surprised if they change something and all the user_id change.
>
> I may only make the first part of the call.  I have a 6:20 flight.
>
> John B.
>
>
>
> _______________________________________________
> Openid-specs-ab mailing listOpenid-specs-ab at lists.openid.nethttp://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
> --
> Chief Architect                   AIM:  gffletch
> Identity Services Engineering     Work: george.fletcher at teamaol.com
> AOL Inc.                          Home: gffletch at aol.com
> Mobile: +1-703-462-3494           Blog: http://practicalid.blogspot.com
> Office: +1-703-265-2544           Twitter: http://twitter.com/gffletch
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110816/5aee4433/attachment-0001.html>


More information about the Openid-specs-ab mailing list