[Openid-specs-ab] Issue #846: Standard - 1. Introduction - the text is rather poor (openid/connect)

Nat Sakimura issues-reply at bitbucket.org
Sun Jun 2 03:07:26 UTC 2013


New issue 846: Standard - 1. Introduction - the text is rather poor
https://bitbucket.org/openid/connect/issue/846/standard-1-introduction-the-text-is-rather

Nat Sakimura:

It looks like just a stub text. 

Currently: 

This specification describes the binding of the HTTP protocol with the endpoints described in OpenID Connect Messages 1.0 [OpenID.Messages].

Proposal: 

The OAuth 2.0 Authorization Framework [RFC6749] provides a general framework for a third-party application to obtain limited access to an HTTP service. As such, it provides the mechanism to provide tokens to the services but it does not provide a standardized method to provide identity information. Notably, without profiling it, it is incapable of provide information around authentication event of an entity. 

This specification binds the standardized identity messages that includes authentication event information defined in OpenID Connect Messages 1.0 [OpenID.Messages] to RFC6749 and RFC6750 to allow the services to exchange the identity information: i.e., builds an identity layer on top of OAuth 2.0. With this specification, developers are enabled to build authentication and attributes sharing system on top of OAuth 2.0 based system. 




More information about the Openid-specs-ab mailing list