[Openid-specs-ab] MTI: Basic Client Profile sufficient for closed systems?

Tim Bray tbray at textuality.com
Sun Jul 28 20:33:13 UTC 2013


I had not heard this idea before, but it sounds sane to me. -T


On Sun, Jul 28, 2013 at 11:44 AM, Torsten Lodderstedt <torsten at lodderstedt.net> wrote:

> Hi all,
>
> In the OpenID Connect Workshop at IETF-87, today we discussed the
> "mandatory to implement" requirements (Message/Section 8). One topic was
> the different profiles a client may use to integrate with an OpenID Connect
> OP (Basic Client Profile and Implicit Client Profile).
>
> I think requiring every OP to support both Basic as well as Implicit
> Client Profile unnecessarily increases the cost and complexity of an OP
> implementation. Based on our implementation experiences and feedback from
> our partners I would argue the Basic Client Profile is sufficient for all
> standard use cases and simple to implement. On the other hand, implementing
> the Implicit Client Profile requires implementing not only the implicit
> grant but also nonce, at_hash, RSA signatures and so on, which considerably
> increases implementation complexity.
>
> In the course of the discussion, reasonable arguments were made for
> supporting both profiles in open scenarios, where clients bind to
> previously unknown servers at runtime. Therefore, I would like to suggest
> making only the functions required by the Basic Client Profile mandatory for
> closed systems (section 8.1) and adding compliance with the Implicit Client
> Profile to the requirements for open systems (section 8.2).
>
> What do you think?
>
> regards,
> Torsten.