[Openid-specs-ab] Authorization Request or Authentication Request?

Breno de Medeiros breno at google.com
Mon Nov 4 19:14:32 UTC 2013


On Sun, Nov 3, 2013 at 9:37 PM, Mike Jones <Michael.Jones at microsoft.com>wrote:

>  Authentication Request is already in the terminology section at
> http://openid.bitbucket.org/openid-connect-core-1_0.html#Terminology.
> Authorization Request is defined by RFC 6749.
>

I think we should have an explicit entry to Authorization Request that
says: "An OAuth2 Authorization Request as defined in RFC 6749"
And then "Authentication Request" --> With a language more similar to the
one proposed by Nat in this thread.


>
>
> BTW, the terminology change from Authorization Request to Authentication
> Request is already in
> http://openid.bitbucket.org/openid-connect-core-1_0.html.  People are
> encourage to read all the uses of the terms “Authorization Request” and
> “Authentication Request” in the specs to make sure they’re consistent.
>
>
>
>                                                             -- Mike
>
>
>
> *From:* openid-specs-ab-bounces at lists.openid.net [mailto:
> openid-specs-ab-bounces at lists.openid.net] *On Behalf Of *Breno de Medeiros
> *Sent:* Sunday, November 03, 2013 7:27 PM
> *To:* Richer, Justin P.
> *Cc:* <openid-specs-ab at lists.openid.net>
> *Subject:* Re: [Openid-specs-ab] Authorization Request or Authentication
> Request?
>
>
>
> Could we explicitly add the definitions of the terms "Authentication
> Request" and "Authorization Request" to the Terminology section, using
> language proposed by Nat?
>
>
>
> On Sun, Nov 3, 2013 at 9:47 AM, Richer, Justin P. <jricher at mitre.org>
> wrote:
>
> +1
>
>
>
> On Nov 3, 2013, at 9:48 AM, Torsten Lodderstedt <torsten at lodderstedt.net>
>
>  wrote:
>
>
>
>  +1
>
>
>
> Brian Campbell <bcampbell at pingidentity.com> schrieb:
>
> Having Connect define and use the term “Authentication Request” provides a
> nice semantic distinction of what's going on beyond a plain old OAuth
> "Authorization Request" and, I think, makes it easier to talk about and
> explain.
>
> So yes, Authentication Request is section headers and in content where
> appropriate is what I'd prefer.
>
>
>
> On Wed, Oct 30, 2013 at 8:26 PM, n-sakimura <n-sakimura at nri.co.jp> wrote:
>
> My suggestion was affected by one of the earlier reviewer. I thought that
> was quite reasonable.
> To me, the definition of the each terms are as follows now:
>
> Authorization Request
> OAuth 2.0 Authroization Request
>
> Authentication Request
> Authorization Request used to obtain the Authentication Result through the
> use of OpenID Connect extension parameters and profiled scopes
>
> As a section header, I believe Authentication Request is more appropriate.
>
> Nat
>
>
>
> (2013/10/31 12:01), Mike Jones wrote:
>
>   We define an Authentication Request as an OAuth 2.0 Authorization
> Request that requests that the End-User be authenticated by the
> Authorization Server.  And we use the term Authentication Request in a few
> places.  However, we use the term “Authorization Request” in the section
> headings, because it’s the OAuth message used.
>
>
>
> More than one reviewer has suggested that we change these section headings
> from “Authorization Request” to “Authentication Request”.  I agree that
> that’s a better semantic description.  We’d just have to be careful to
> continue to say “Authentication Request” when referring to the OAuth
> message.
>
>
>
> What do people prefer?
>
>
>
>                                                             -- Mike
>
>
>
>
>
> _______________________________________________
>
> Openid-specs-ab mailing list
>
> Openid-specs-ab at lists.openid.net
>
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
>
>
>  --
>
> Nat Sakimura (n-sakimura at nri.co.jp)
>
> Nomura Research Institute, Ltd.
>
> Tel:+81-3-6274-1412 <+81-3-6274-1412> Fax:+81-3-6274-1547
>
>
>
> 本メールに含まれる情報は機密情報であり、宛先に記載されている方のみに送信することを意図しております。意図された受取人以外の方によるこれらの情報の開示、複製、再配布や転送など一切の利用が禁止されています。誤って本メールを受信された場合は、申し訳ござ&#1235
>
>  6;&#124
>
> 14;せんが、送信者までお知らせいただき、受信されたメールを削除していただきますようお願い致します。
>
> PLEASE READ:
>
> The information contained in this e-mail is confidential and intended for the named recipient(s) only.
>
> If you are not an intended recipient of this e-mail, you are hereby notified that any review, dissemination, distribution or duplication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately and delete your copy from your system.
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
>
>
>
> ------------------------------
>
>
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>   _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
>
>
>
> --
> --Breno
>



-- 
--Breno
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20131104/a004730c/attachment.html>


More information about the Openid-specs-ab mailing list