[Openid-specs-ab] Identity impersonation?

Mike Jones Michael.Jones at microsoft.com
Mon Nov 24 16:03:39 UTC 2014


There is no OpenID spec for impersonation at present.  There is an OAuth spec https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-00 that describes an impersonation mechanism.

				-- Mike

-----Original Message-----
From: Openid-specs-ab [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Vladimir Dzhuvinov / NimbusDS
Sent: Monday, November 24, 2014 7:23 AM
To: openid-specs-ab at lists.openid.net
Subject: [Openid-specs-ab] Identity impersonation?

Hi guys,

We have a customer who asked whether OIDC supports impersonation, i.e.
the ability to login as somebody else and receive an id_token for the impersonated user.

My understanding is that id_tokens should always be linked to a true identity, and that impersonation should happen by means of an access token only (here I assume that the OP is also an OAuth server). Am I correct on this?

Thanks,

Vladimir

--
Vladimir Dzhuvinov
_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-specs-ab


More information about the Openid-specs-ab mailing list