[Openid-specs-ab] scopes

hideki nara hdknr at ic-tact.co.jp
Fri Aug 19 01:31:49 UTC 2011


John,

For simplicity in Lite, I think  RP should passively accept claims in
the standard profile only the  end user has permitted.

If there is no claim what RP expected in the UserInfo,
 1)  RP ask  the end user  to permit the claim at the OP and restart
OpenID Connect Lite.
or
 2)  RP starts new OpenID Connect Standard session with a Request Object.

Current scope things are bit difficult for me to implement.
----
hdknr

2011/8/2 John Bradley <ve7jtb at ve7jtb.com>:
> There are basically two options for scopes.
>
> Option 1
> openid          id_token
> user-info       default user info less email and address
> email           email
> address         address
>
> So to get just email & id_token you ask for "openid email"
>
>
> Option 2
> openid          id_token & user-info less email & address
> email           email
> address         address
> no-default-information  This in conjunction with openid would only give you the id_token info
>
> So to get just email & id_token you ask for "openid email no-default-information"
>
> Talking to Breno not asking for a access token doesn't look like a good option.
>
> We need to support asking for nothing or just email for some applications.
>
> John
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>


More information about the Openid-specs-ab mailing list