[Openid-specs-ab] Lite Draft 8

John Bradley ve7jtb at ve7jtb.com
Tue Aug 16 23:44:23 UTC 2011


Perhaps just not calling it out as opaque.  We don't say that about the user-info access token, because it is assumed in OAuth.

I am leaning towards describing it as the access token for the Check Session endpoint.

I asked in another email if id_token is perhaps a bad name?  Perhaps session?

John B.
On 2011-08-16, at 7:32 PM, Johnny Bufu wrote:

> To me it means that a lite client doesn't have to understand its contents, parse or extract data from it. Just store, compare or pass it along as required by the protocol.
> 
> I still think that the term "opaque" should be targeted at one or more parties that handle the token, not at a document.
> 
> Johnny

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110816/00e55fb1/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4767 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110816/00e55fb1/attachment-0001.p7s>


More information about the Openid-specs-ab mailing list