[Openid-specs-ab] Messages - 3.1.2 additional display parameter options

George Fletcher gffletch at aol.com
Wed Oct 19 20:04:31 UTC 2011


So I think we have to different use cases here...

1. The capabilities of the device/how the UI is being displayed. I agree 
with Marius that 'embedded' is another designation that is useful. I'm 
fine with additional values being defined in profiles, but we have some 
that we know are in use today and I think we should just go ahead and 
include them. I suppose it is possible that a device could have no UI 
capability and hence would need an option of 'none'. However, I think 
that is a different flow from what is currently described (at least the 
way I read it).

2. The OpenID checkid_immediate flow. I think we should support this 
case as well. This is where the RP doesn't want any user interaction. 
For this semantic I think it makes more sense to designate this as a 
value for the 'prompt' parameter. We can use 'none' here, but it would 
probably be best to have different values.

Marius, did you mean 'embedded' to imply that the device has no UI? or a 
limited kind of UI capability,

Thanks,
George

On 10/19/11 3:40 PM, Anthony Nadalin wrote:
>
> Seems these might be device specific and best left to profiles to define
>
> *From:*openid-specs-ab-bounces at lists.openid.net 
> [mailto:openid-specs-ab-bounces at lists.openid.net] *On Behalf Of 
> *George Fletcher
> *Sent:* Wednesday, October 19, 2011 12:01 PM
> *To:* openid-specs-ab at lists.openid.net
> *Subject:* [Openid-specs-ab] Messages - 3.1.2 additional display 
> parameter options
>
> Per my action item Monday from ... here is a possible write up for 
> additional options for the display parameter. Currently OpenID Connect 
> defines one value 'none' which means that the request MUST be handled 
> without showing any UI to the user.  Facebook defines (page, iframe, 
> popup, touch, wap) some of which are also in the OpenID UI Extension. 
> I'm not sure we want to support iframe so I didn't include it in the 
> list below.
>
> page
>     The Authorization Server SHOULD display authentication and consent 
> UI consistent with a full browser page view. If the display parameter 
> is not specified this is the default display mode.
>
> popup
>     The Authorization Server SHOULD display authentication and consent 
> UI consistent with a popup browser window. The popup browser window 
> SHOULD conform to N x N pixels.
>
> touch
>     The Authorization Server SHOULD display authentication and consent 
> UI consistent with a device that leverages a touch interface. The 
> Authorization Server MAY attempt to detect the device touch and 
> further customize the interface.
>
> wap
>     The Authorization Server SHOULD display authentication and consent 
> UI consistent with a "feature phone" type display.
>
>
> Note that the semantics are slightly different as these values are 
> more hints from the client where as 'none' is a "command". Would it 
> make sense to move the 'none' feature of display to the 'prompt' 
> parameter? It seems to me that the semantics fit better. The main 
> point of 'none' is that we don't want to ask the user any questions. 
> The fact that no UI is displayed is a side effect of not asking the 
> user for any input.
>
> Thanks,
> George
>

-- 
Chief Architect                   AIM:  gffletch
Identity Services Engineering     Work: george.fletcher at teamaol.com
AOL Inc.                          Home: gffletch at aol.com
Mobile: +1-703-462-3494           Blog: http://practicalid.blogspot.com
Office: +1-703-265-2544           Twitter: http://twitter.com/gffletch

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20111019/cf580932/attachment-0001.html>


More information about the Openid-specs-ab mailing list