[Openid-specs-ab] Lite Draft 8

John Bradley ve7jtb at ve7jtb.com
Tue Aug 16 23:40:46 UTC 2011


From a privacy point of view, giving all of the information in the user-info endpoint all the time with only a single scope is not ideal.
Mike wanted to do that but have additional negative scope so that you could say you don't want things, but have the default be the common case.
This still requires defining multiple scopes.

We could just make openid the scope for the id_token.  However, that makes interoperability for the user-info endpoint worse than AX, if that is possible.

I wouldn't want to get rid of nonce or state for security reasons.  We could make those required for the profile and ditch prompt and display.

Other opinions?

On 2011-08-16, at 7:03 PM, Anthony Nadalin wrote:

> 1. 3.1 Why is there any scope beyond “openid”? Is this spec going to be continually updated whenever a new scope is added/changed? Seems like a bad idea to have additional scopes in the spec.
> 2. 3.2.1 Why have optional parameters? This should be basic (code and go).
