<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
I'm actually OK with dropping "schema" entirely here. If you're
going to do a SCIM setup, it's more than just a schema difference,
it's effectively a different endpoint.<br>
<br>
I also don't understand the "id" parameter restriction -- there was
probably a good reason at the time, but I don't see it recorded. I
would guess that it's to prevent people from trying to query for
different users other than "the current user"?<br>
<br>
-- Justin<br>
<br>
<div class="moz-cite-prefix">On 03/06/2013 09:03 AM, Brian Campbell
wrote:<br>
</div>
<blockquote
cite="mid:CA+k3eCQiPhGmVcfNDFSp9j9zmr_Hin4dJV4076oR8q++9xVFKA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>
<div>
<div>That raises some different questions than I had in
mind.<br>
<br>
</div>
I'd say if the OP needs something on the endpoint like
that, whatever it might be, then yes they include it all
and let the client discover and use it. That probably
suggests that language is needed for the endpoint saying
that it may include a query component which must be
retained (similar to what RFC 6749 has in a few places in
the endpoints section). <br>
<br>
</div>
The questions I was getting at are if an extensibility point
is needed for the schema of the UserInfo Endpoint at all? If
so, both client and OP need to understand it, which suggests
maybe supported schema types need to be advertized in
discovery. And maybe included in registration. And if you do
that, the need for a parameter on the UIEP maybe goes away.
The more I think about it, the more it seems this
extensibility point isn't fully baked. <br>
<br>
</div>
But I digress. What I was originally asking for was to not
make schema required and let openid be the default value when
it's not specified. It's awkward to have only one possible value
for a parameter but require that everyone send exactly that
value all the time.<br>
<br>
</div>
<div>I'm also still confused about why there's this reserved id
parameter there. What's the point? Wouldn't saying something
general about ignoring other parameters be more appropriate?
If anything needs to be said at all.<br>
</div>
<div><br>
</div>
<br>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Tue, Mar 5, 2013 at 5:34 PM, Mike
Jones <span dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:Michael.Jones@microsoft.com" target="_blank">Michael.Jones@microsoft.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div link="blue" vlink="purple" lang="EN-US">
<div>
<p>To be completely clear, if we keep the present
semantics I believe we need to add this language:</p>
<p> </p>
<p style="margin-left:.5in">The Client MUST add
"schema=openid" as a request parameter when making a
request to the UserInfo Endpoint.</p>
<p> </p>
<p>Is that what we really want? Or should we make it
the responsibility of the OP to add this parameter
when needed, and let the Client discover a UserInfo
Endpoint address that may include a “?schema=openid”
query parameter, when the OP needs it to be present
(slightly simplifying the client)?<span class="HOEnZb"></span></p>
<span class="HOEnZb"><font color="#888888">
<p> </p>
<p>
-- Mike</p>
</font></span>
<div>
<div class="h5">
<p> </p>
<p>-----Original Message-----<br>
From: <a moz-do-not-send="true"
href="mailto:openid-specs-ab-bounces@lists.openid.net"
target="_blank">openid-specs-ab-bounces@lists.openid.net</a>
[mailto:<a moz-do-not-send="true"
href="mailto:openid-specs-ab-bounces@lists.openid.net"
target="_blank">openid-specs-ab-bounces@lists.openid.net</a>]
On Behalf Of Mike Jones<br>
Sent: Tuesday, March 05, 2013 2:58 PM<br>
To: Nat Sakimura; Vladimir Dzhuvinov / NimbusDS<br>
Cc: <a moz-do-not-send="true"
href="mailto:openid-specs-ab@lists.openid.net"
target="_blank">openid-specs-ab@lists.openid.net</a><br>
Subject: Re: [Openid-specs-ab] Couple questions on
the UserInfo Request</p>
<p> </p>
<p>Having read §2.3.1 (UserInfo Request), first I
think something like these words are missing
before the list "The following request parameters
are used with the UserInfo endpoint:". I can add
those.</p>
<p> </p>
<p>However, looking at this again, I believe there's
an ambiguity whether the client adds the
"schema=openid" parameter or not. Making this
concrete, I believe that the URL of Google's
UserInfo Endpoint is:</p>
<p> <a moz-do-not-send="true"
href="https://www.googleapis.com/oauth2/v3/userinfo?schema=openid"
target="_blank">
<span
style="color:windowtext;text-decoration:none">https://www.googleapis.com/oauth2/v3/userinfo?schema=openid</span></a></p>
<p>They've already added the parameter to their
endpoint address.</p>
<p> </p>
<p>Should they actually be advertising this UserInfo
endpoint address instead:</p>
<p> <a moz-do-not-send="true"
href="https://www.googleapis.com/oauth2/v3/userinfo"
target="_blank">
<span
style="color:windowtext;text-decoration:none">https://www.googleapis.com/oauth2/v3/userinfo</span></a></p>
<p>with the expectation that the Client will add the
"schema=openid" parameter?</p>
<p> </p>
<p>I think we may need to be clearer on this.</p>
<p> </p>
<p>
-- Mike</p>
<p> </p>
<p>-----Original Message-----</p>
<p>From: <a moz-do-not-send="true"
href="mailto:openid-specs-ab-bounces@lists.openid.net"
target="_blank">
<span
style="color:windowtext;text-decoration:none">openid-specs-ab-bounces@lists.openid.net</span></a>
[<a moz-do-not-send="true"
href="mailto:openid-specs-ab-bounces@lists.openid.net"
target="_blank"><span
style="color:windowtext;text-decoration:none">mailto:openid-specs-ab-bounces@lists.openid.net</span></a>]
On Behalf Of Nat Sakimura</p>
<p>Sent: Tuesday, March 05, 2013 11:27 AM</p>
<p>To: Vladimir Dzhuvinov / NimbusDS</p>
<p>Cc: <a moz-do-not-send="true"
href="mailto:openid-specs-ab@lists.openid.net"
target="_blank"><span
style="color:windowtext;text-decoration:none">openid-specs-ab@lists.openid.net</span></a></p>
<p>Subject: Re: [Openid-specs-ab] Couple questions
on the UserInfo Request</p>
<p> </p>
<p>At around the time, we switched from SCIM schema
to the flat schema due to developer requests at
the time. However, we wanted to provide the
ability to specify another scheme name such as scim
to get the data in that format if the server
supports it.</p>
<p> </p>
<p>Sent from iPad</p>
<p> </p>
<p>On 2013/03/06 4:10, Vladimir Dzhuvinov /
NimbusDS &lt;<a moz-do-not-send="true"
href="mailto:vladimir@nimbusds.com"
target="_blank"><span
style="color:windowtext;text-decoration:none">vladimir@nimbusds.com</span></a>&gt;
wrote:</p>
<p> </p>
<p>> I was also wondering about that. It seems to
be an artefact from old
</p>
<p>> drafts 05 and 07, as the doc history
suggests:</p>
<p>> </p>
<p>> <a moz-do-not-send="true"
href="http://openid.net/specs/openid-connect-messages-1_0.html#rfc.section.C"
target="_blank">
<span
style="color:windowtext;text-decoration:none">http://openid.net/specs/openid-connect-messages-1_0.html#rfc.section.C</span></a></p>
<p>> </p>
<p>> Vladimir</p>
<p>> </p>
<p>> --</p>
<p>> Vladimir Dzhuvinov : <a
moz-do-not-send="true"
href="http://www.NimbusDS.com" target="_blank">
<span
style="color:windowtext;text-decoration:none">www.NimbusDS.com</span></a>
:
<a moz-do-not-send="true"
href="mailto:vladimir@nimbusds.com"
target="_blank"><span
style="color:windowtext;text-decoration:none">vladimir@nimbusds.com</span></a></p>
<p>> </p>
<p>> </p>
<p>> </p>
<p>> -------- Original Message --------</p>
<p>> Subject: [Openid-specs-ab] Couple questions
on the UserInfo Request</p>
<p>> From: Brian Campbell &lt;<a
moz-do-not-send="true"
href="mailto:bcampbell@pingidentity.com"
target="_blank"><span
style="color:windowtext;text-decoration:none">bcampbell@pingidentity.com</span></a>&gt;</p>
<p>> Date: Tue, March 05, 2013 6:30 pm</p>
<p>> To: "&lt;<a moz-do-not-send="true"
href="mailto:openid-specs-ab@lists.openid.net"
target="_blank"><span
style="color:windowtext;text-decoration:none">openid-specs-ab@lists.openid.net</span></a>&gt;"</p>
<p>> &lt;<a moz-do-not-send="true"
href="mailto:openid-specs-ab@lists.openid.net"
target="_blank"><span
style="color:windowtext;text-decoration:none">openid-specs-ab@lists.openid.net</span></a>&gt;</p>
<p>> </p>
<p>> In §2.3.1. UserInfo Request at</p>
<p>> <a moz-do-not-send="true"
href="http://openid.bitbucket.org/openid-connect-messages-1_0.html#UserInfoRequest"
target="_blank">
<span
style="color:windowtext;text-decoration:none">http://openid.bitbucket.org/openid-connect-messages-1_0.html#UserInfoRequest</span></a>,
if the only defined schema value is openid, why make it
</p>
<p>> required rather than just defaulting to the
only current possible
</p>
<p>> value?</p>
<p>> </p>
<p>> And what is the id parameter for? It just
kind of sticks out as odd
</p>
<p>> there. I imagine there's some reason it's
there but the associated
</p>
<p>> text is kind of cryptic and doesn't explain
much.</p>
<p>> </p>
<p>>
_______________________________________________</p>
<p>> Openid-specs-ab mailing list</p>
<p>> <a moz-do-not-send="true"
href="mailto:Openid-specs-ab@lists.openid.net"
target="_blank"><span
style="color:windowtext;text-decoration:none">Openid-specs-ab@lists.openid.net</span></a></p>
<p>> <a moz-do-not-send="true"
href="http://lists.openid.net/mailman/listinfo/openid-specs-ab"
target="_blank">
<span
style="color:windowtext;text-decoration:none">http://lists.openid.net/mailman/listinfo/openid-specs-ab</span></a></p>
</div>
</div>
</div>
</div>
<br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
</blockquote>
<br>
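<p>Added example, not part of the original thread or of any OpenID specification text: a client-side helper that treats the advertised UserInfo Endpoint address as opaque, retains any query component the OP placed on it (the RFC 6749 rule referenced above), and adds "schema=openid" only when it is not already there. The function name, its parameters, and the conflict-handling policy are assumptions made for illustration.</p>

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode


def userinfo_request_url(advertised_endpoint, client_params=None):
    """Build the UserInfo request URL from the address the OP advertises.

    Hypothetical helper: a query component already on the endpoint is
    retained, and client parameters are only ever added to it.
    """
    parts = urlsplit(advertised_endpoint)
    if parts.scheme != "https":
        raise ValueError("UserInfo endpoint must use https")
    if parts.fragment:
        # RFC 6749 section 3.1: endpoint URIs must not carry a fragment.
        raise ValueError("endpoint must not include a fragment")

    # keep_blank_values so an advertised "?flag=" survives the round trip.
    retained = parse_qsl(parts.query, keep_blank_values=True)
    advertised = dict(retained)

    merged = list(retained)
    for name, value in (client_params or {}).items():
        if name in advertised:
            if advertised[name] != value:
                # The OP pinned a value; never override or duplicate it silently.
                raise ValueError(f"conflicting value for {name!r}")
            continue  # already present on the endpoint, do not send it twice
        merged.append((name, value))

    return urlunsplit(
        (parts.scheme, parts.netloc, parts.path, urlencode(merged), "")
    )


if __name__ == "__main__":
    # The two advertised forms discussed in the thread give the same request.
    for endpoint in (
        "https://www.googleapis.com/oauth2/v3/userinfo?schema=openid",
        "https://www.googleapis.com/oauth2/v3/userinfo",
    ):
        print(userinfo_request_url(endpoint, {"schema": "openid"}))
```
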
</body>
</html>