[Openid-specs-ab] OpenID Connect Federations

Andreas Åkre Solberg andreas.solberg at uninett.no
Fri Aug 24 11:21:37 UTC 2012


Hi,

Again, I'm considering the possibility of building Identity Federations with OpenID Connect.

I sketched my idea here:

	https://github.com/andreassolberg/documents/blob/master/openidconnect/draft-solberg-connect-federations.md

The idea is basically to define a chain of JSON documents that lists trusted providers with the combination of issuer, jwt, UI info and possibly restrictions.

I've made an attempt to get up to date on the latest work on the 1.0 spec. A few comments wrt federations:

I think it is important not to rule out the possibility of implicit authorization. It is not obvious in Identity Federations to apply user consent/authorization at all.
	OIC Standard 2.3.4
	http://openid.net/specs/openid-connect-standard-1_0.html#anchor7

Another thing is the discovery protocol. OIC Discovery 3.2 says the response MUST be plain JSON. I believe there will be several use cases for signing the response as a self-signed JWT.

Andreas



