[Openid-specs-ab] Issue #898: New Core - 1.2 Terminology - Authentication Request, Authorization Request (openid/connect)

n-sakimura n-sakimura at nri.co.jp
Wed Nov 6 00:53:09 UTC 2013


The text does not say that ID Token is a part of the request.
It is talking about the expected result / aim.

(2013/11/05 11:34), Mike Jones wrote:
>
> The ID Token part is not part of the Authentication Request.  It's 
> contained in a response which is either an Authorization Response or 
> Token Response, depending upon the flow used.  Therefore, I didn't say 
> anything about the ID Token in the Authentication Request definition.
>
> We're now talking about the ID Token in lots of introductory text, so 
> I don't think not saying anything about it in this definition a problem.
>
> -- Mike
>
> *From:*Nat Sakimura [mailto:sakimura at gmail.com]
> *Sent:* Tuesday, November 05, 2013 1:36 AM
> *To:* Mike Jones
> *Cc:* openid-specs-ab at lists.openid.net
> *Subject:* Re: [Openid-specs-ab] Issue #898: New Core - 1.2 
> Terminology - Authentication Request, Authorization Request 
> (openid/connect)
>
> What about:
>
> **Authentication Request**
> Authorization Request used to obtain the result of authentication 
> performed by the server as ID Token through the use of OpenID Connect 
> extension parameters and profiled scopes
>
> What is important about it is that the authentication is performed at 
> the server and the result is transferred from the server to the client 
> through ID Token.
>
> 2013/11/5 Mike Jones <Michael.Jones at microsoft.com 
> <mailto:Michael.Jones at microsoft.com>>
>
> I'm fine with adding the "Authorization Request" definition.  As for 
> the Authentication Request definition, I have some quibbles with Nat's 
> proposed language, because I find it to be less clear and somewhat 
> circular.  Saying "to obtain the Authentication Result" doesn't add 
> anything, and in fact, would just cause us to have to define 
> "Authentication Result" as well.
>
> How about something closer to this?
>
> **Authentication Request**
> An OAuth 2.0 Authorization Request using extension parameters and 
> scopes defined by OpenID Connect to request that the End-User be 
> authenticated by the Authorization Server, which is an OpenID Connect 
> Provider.
>
>                                 -- Mike
>
>
> -----Original Message-----
> From: openid-specs-ab-bounces at lists.openid.net 
> <mailto:openid-specs-ab-bounces at lists.openid.net> 
> [mailto:openid-specs-ab-bounces at lists.openid.net 
> <mailto:openid-specs-ab-bounces at lists.openid.net>] On Behalf Of Nat 
> Sakimura
> Sent: Monday, November 04, 2013 11:13 PM
> To: openid-specs-ab at lists.openid.net 
> <mailto:openid-specs-ab at lists.openid.net>
> Subject: [Openid-specs-ab] Issue #898: New Core - 1.2 Terminology - 
> Authentication Request, Authorization Request (openid/connect)
>
> New issue 898: New Core - 1.2 Terminology - Authentication Request, 
> Authorization Request 
> https://bitbucket.org/openid/connect/issue/898/new-core-12-terminology-authentication
>
> Nat Sakimura:
>
> Capturing Breno's request on Nov. 4 that says: "I think we should have 
> an explicit entry to Authorization Request that says: "An OAuth2 
> Authorization Request as defined in RFC 6749"
> And then "Authentication Request" --> With a language more similar to 
> the one proposed by Nat in this thread."
>
> **Currently**:
>
> **Authentication Request**
> An OAuth 2.0 Authorization Request that requests that the End-User be 
> authenticated by the Authorization Server.
>
> **Proposed**:
>
> **Authentication Request**
> Authorization Request used to obtain the Authentication Result through 
> the use of OpenID Connect extension parameters and profiled scopes
>
> **Authorization Request**
> OAuth 2 authorization request as defined in RFC 6749
>
>
>
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net <mailto:Openid-specs-ab at lists.openid.net>
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net <mailto:Openid-specs-ab at lists.openid.net>
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
>
>
> -- 
> Nat Sakimura (=nat)
>
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en
>
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab


-- 
Nat Sakimura (n-sakimura at nri.co.jp)
Nomura Research Institute, Ltd.
Tel:+81-3-6274-1412 Fax:+81-3-6274-1547

????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
PLEASE READ:
The information contained in this e-mail is confidential and intended for the named recipient(s) only.
If you are not an intended recipient of this e-mail, you are hereby notified that any review, dissemination, distribution or duplication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately and delete your copy from your system.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20131105/cf9619c7/attachment.html>


More information about the Openid-specs-ab mailing list