[Openid-specs-ab] Should we put self-issued into the Messages or should we create a separate document?

Mike Jones Michael.Jones at microsoft.com
Fri May 18 16:28:59 UTC 2012


We'd talked about that as a fallback, but decided against it, for some of the very reasons that you cite.  All RPs need to know is to *not* try to discover or do registration to self-issued IdPs and instead to use the IdP's public key or information derived from it directly.  See http://hg.openid.net/connect/issue/566/messages-standard-define-self-issued-op.

                                                            -- Mike

From: Justin Richer [mailto:jricher at mitre.org]
Sent: Friday, May 18, 2012 9:19 AM
To: Mike Jones
Cc: openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] Should we put self-issued into the Messages or should we create a separate document?



Responding to Justin's point about static infrastructure, I believe that the way we're going to specify it will require no static infrastructure.  Actually, it makes the protocol *more* distributed, as it removes the dependence upon third party IdPs.
Doesn't it require selfissued.me to be there to answer for all of these self-issued pocket IdPs in terms of discovery? That's the functionality that I understood from the meeting at Yahoo.

 -- Justin

From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Justin Richer
Sent: Friday, May 18, 2012 8:17 AM
To: openid-specs-ab at lists.openid.net
Subject: Re: [Openid-specs-ab] Should we put self-issued into the Messages or should we create a separate document?

In my opinion, it's too much of a bolt-on bit of functionality to add it to the core spec. It also presumes a few pieces of static infrastructure to be in place in order to function, and I'm not comfortable with a distributed protocol doing that in the first place.

 -- Justin

On 05/17/2012 05:29 PM, Nat Sakimura wrote:
We have self-issued OP documented at https://bitbucket.org/openid/connect/issue/566/messages-standard-define-self-issued-op .
We have built the code that works.

We decided not to create a Userinfo token, but decided to include them in the id_token.
Registration overlay still has not reached consensus.

Having said that, we should now consider where we are going to put these in.
In Messages?
Or a separate spec?

Please discuss.

--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en





