[Openid-specs-ab] MTI: Basic Client Profile sufficient for closed systems?

Nat Sakimura sakimura at gmail.com
Sun Jul 28 19:21:15 UTC 2013

I suppose it would be reasonable given that for a closed system, the client
has to be configured by hand.


2013/7/29 Torsten Lodderstedt <torsten at lodderstedt.net>

> Hi all,
> in the OpenID Connect Workshop at IETF-87, we today discussed the
> "mandatory to implement" requirements (Message/Section 8). One topic was
> the different profiles a client may use to integrate with an OpenID Connect
> OP (Basic Client Profile and Implicit Client Profile).
> I think requiring every OP to support both Basic as well as Implicit
> Client Profile unnecessarily increases the cost and complexity of an OP
> implementation. Based on our implementation experiences and feedback from
> our partners I would argue the Basic Client Profile is sufficient for all
> standard use cases and simple to implement. On the other hand, implementing
> the Implicit Client Profile requires not only to implement the implicit
> grant but also nonce, at_hash, RSA signatures and so on, which considerably
> increases implementation complexity.
> In the course of the discussion, reasonable arguments were made for
> supporting both profiles in open scenarios, where clients bind to
> previously unknown servers at runtime. Therefore, I would like to suggest
> to make only functions required by the Basic Client Profile mandatory for
> closed systems (section 8.1) and add compliance to the Implicit Client
> Profile to the requirements for open systems (section 8.2).
> What do you think?
> regards,
> Torsten.
> ______________________________**_________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.**net <Openid-specs-ab at lists.openid.net>
> http://lists.openid.net/**mailman/listinfo/openid-specs-**ab<http://lists.openid.net/mailman/listinfo/openid-specs-ab>

Nat Sakimura (=nat)
Chairman, OpenID Foundation
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130729/82f9ed3a/attachment.html>

More information about the Openid-specs-ab mailing list