[Openid-specs-ab] OpenID Connect FAQ?

Allen Tom allentomdude at gmail.com
Sat Aug 20 03:18:33 UTC 2011


Hi Nat,

I gave you edit permissions to the doc, so go ahead and chime in!

Regarding extending scopes - what I meant was that IdPs may define
additional IdP-specific scopes which clients can specify in the
Authorization request. So for instance, an IdP could offer a
"post_to_my_wall" scope which clients could specify in addition to the
openid scope. Presumably, the Access Token that's returned could be used at
both the UserInfo endpoint, and the post_to_my_wall endpoint. Does that make
sense?

Also, regarding the UserInfo endpoint - I thought IdPs were free to add
additional key/values to the response? At least, that's what I remember from
David Recordon's original proposal. If this is still the case, then can IdPs
add new key/values without risking conflicts?

Since XRIs are just another URI, I'll remove it from the FAQ.

Thanks,
Allen


On Fri, Aug 19, 2011 at 6:24 PM, Nat Sakimura <sakimura at gmail.com> wrote:

> Thanks a lot!
>
> I may want to chime in as well, like claims.
> Extending scopes are not recommended by the connect, as it would cause
> interoperability problems. Preferred way is to use the claims syntax.
>
> Also, I am not sure if we need to spell out "OpenID Connect does not
> support XRI" as it is just another URI and thus the statement is not
> entirely correct.
>
> =nat via iPad
>
> On 2011/08/20, at 7:49, Allen Tom <allentomdude at gmail.com> wrote:
>
> OK, here's what I typed up this afternoon. It is only meant to be an
> informative easy to read summary of commonly asked questions regarding
> OpenID Connect.
>
>
> <https://docs.google.com/document/pub?id=16uH73S0VqouiDbfKJxxOUlgU9AZFu_ZRXVPJXwPCE6A>
> https://docs.google.com/document/pub?id=16uH73S0VqouiDbfKJxxOUlgU9AZFu_ZRXVPJXwPCE6A
>
> Anyone else want to pitch in?
>
> Allen
>
>
> On Fri, Aug 19, 2011 at 2:40 PM, Pam Dingle < <pdingle at pingidentity.com>
> pdingle at pingidentity.com> wrote:
>
>> Not everyone we want to inform will be an implementer.  A FAQ creates an
>> easy set of quotable definitions for press, bloggers, and other folks who
>> may want to talk about the spec without digging into it.
>>
>>
>> On Fri, Aug 19, 2011 at 2:24 PM, Johnny Bufu < <jbufu at janrain.com>
>> jbufu at janrain.com> wrote:
>>
>>> I think these should be covered in the spec, rather than an external,
>>> non-authoritative document. An implementer would need answers for all of
>>> them (except the first one), the spec really should provide them.
>>>
>>> Johnny
>>>
>>>
>>> On 11-08-19 12:15 PM, Allen Tom wrote:
>>>
>>>> Would it be useful to have an OpenID Connect technical FAQ? Is there one
>>>> already? If not, I can help set it up as a separate wiki/living
>>>> document.
>>>>
>>>> Off the top of my head, some questions and answers that should be listed
>>>> are:
>>>>
>>>> - What's OpenID Connect, and how is it different than OpenID 2.0?
>>>> - How is OpenID Connect different than OAuth 2.0?
>>>> - What is the id_token?
>>>> - What's the UserInfo endpoint?
>>>> - What's the CheckSession endpoint?
>>>> - When should clients use the Implicit vs Code flows?
>>>> - What's the identifier for the user?
>>>> - How do I extend OpenID Connect?
>>>>
>>>> Allen
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ______________________________**_________________
>>>> Openid-specs-ab mailing list
>>>>  <Openid-specs-ab at lists.openid.net>Openid-specs-ab at lists.openid.**net
>>>>  <http://lists.openid.net/mailman/listinfo/openid-specs-ab>
>>>> http://lists.openid.net/**mailman/listinfo/openid-specs-**ab
>>>>
>>> ______________________________**_________________
>>> Openid-specs-ab mailing list
>>>  <Openid-specs-ab at lists.openid.net>Openid-specs-ab at lists.openid.**net
>>>  <http://lists.openid.net/mailman/listinfo/openid-specs-ab>
>>> http://lists.openid.net/**mailman/listinfo/openid-specs-**ab
>>>
>>
>>
>>
>> --
>> *Pamela Dingle*  |  Sr. Technical Architect
>> *Ping**Identity*  |   <http://www.pingidentity.com>www.pingidentity.com
>> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>> - - -
>> *O:* 303-999-5890   *M:* 303-999-5890
>> *Email:*  <pdingle at pingidentity.com>pdingle at pingidentity.com
>> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>> - - -
>> *Connect with Ping*
>> Twitter: @pingidentity
>> LinkedIn Group: Ping's Identity Cloud
>> Facebook.com/pingidentitypage
>> *Connect with me*
>> Twitter: @pamelarosiedee
>>
>>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20110819/0d0c50e5/attachment.html>


More information about the Openid-specs-ab mailing list