[Openid-specs-ab] Front channel and back channel

Brian Campbell bcampbell at pingidentity.com
Tue Nov 19 21:34:38 UTC 2013


Colloquially "front channel" is used to describe when a token or
message is sent though the user agent via a redirect or similar. And
"back channel" is used when a token or message is sent directly
between the client and server.  Exchanges involving the authorization
endpoint are typically going to be front channel while those involving
the token endpoint are back channel.

On Tue, Nov 19, 2013 at 11:54 AM, Mike Jones
<Michael.Jones at microsoft.com> wrote:
> We use the terms “front channel” and “back channel” in the Security
> Considerations but never define them.  Does anyone have a definition?
>
>
>
>                                                             -- Mike
>
>
>
>
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab
>


More information about the Openid-specs-ab mailing list