[Openid-specs-ab] Openid connect discovery review

George Fletcher gffletch at aol.com
Sat Oct 26 14:51:11 UTC 2013


> See file attached to this message
> 
> File: OpenID Connect Discovery - draft 18 - flattened.pdf
> 
> Annotation summary:
> 
> --- Page 3 ---
> 
> Highlight (yellow), Oct 25, 2013, 9:28 AM, George Fletcher:
> Relying Party
> 
> Note (yellow), Oct 25, 2013, 9:28 AM, George Fletcher:
> Relying Party is capitalized but not defined. This probably doesn't matter, but just wanted to check given the earlier comment about "capitalized" terms being normative.
> 
> Highlight (yellow), Oct 25, 2013, 9:28 AM, George Fletcher:
> The Issuer MUST be returned in the response
> 
> Note (yellow), Oct 25, 2013, 9:28 AM, George Fletcher:
> I'm assuming this means... The Issuer MUST be returned as a result of the OP discovery flow. WebFinger allows for discovery endpoint redirection and requiring the Issuer in the response seems to preclude that option.
> 
> 
> --- Page 7 ---
> 
> Note (yellow), Oct 25, 2013, 9:28 AM, George Fletcher:
> What is account chooser doing in this case? Is it the IdP's responsibility to put the non-owned domain's loginID into Account Chooser?
> 
> 
> --- Page 8 ---
> 
> Note (yellow), Oct 25, 2013, 9:28 AM, George Fletcher:
> I'm not quite sure how to really comply with this, as at AOL all the RS's define their own scopes. Keeping the AS up to date with all in-use scopes has some operational issues. Also, some scopes we may wish to not publish. I realize that this item is just RECOMMENDED but that is still very strong. Curious how other Authorization Servers are dealing with this.
> 
> Highlight (yellow), Oct 25, 2013, 9:28 AM, George Fletcher:
> scopes_supported
> 
> 
> (report generated by GoodReader)
> 
> --
> George Fletcher
> Blog: http://practicalid.blogspot.com
> Photos: http://www.flickr.com/photos/gffphotos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenID Connect Discovery - draft 18 - flattened.pdf
Type: application/pdf
Size: 263050 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20131026/746e8a99/attachment-0001.pdf>

