<div dir="ltr"><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Sep 23, 2015 at 4:50 AM, Vladimir Dzhuvinov <span dir="ltr"><<a href="mailto:vladimir@connect2id.com" target="_blank">vladimir@connect2id.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Hi William,<br>
<br>
I really like the improved user experience of FastIDV, bravo!<br>
<br>
Can the OP reliably detect that a given OIDC request is intended for
FastIDV, and not just a request that happens to have a login_hint
that matches the user's email or phone number? Or is this
irrelevant?<br></div></blockquote><div><br></div><div>I think they can reliably classify it for further processing. This is a little complicated, but that's why I tried to split the login into two sections:</div><div><br></div><div>4.1 – qualification (does the request meet the static requirements of the spec for FastIDV processing)</div><div>4.2.1 – validation (is the request actually valid for the currently signed-in user)</div><div><br></div><div>Keen to here any thoughts on the readability & understandability, especially of those sections.</div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000">
Second, OIDC defines 5 response_type values, is there a reason why
only 'code, 'id_token' and 'code id_token' are allowed?<br></div></blockquote><div><br></div><div>In our implementation we won't issue an access token for FastIDV. Perhaps that is overly restrictive?</div><div><br></div><div>There just doesn't seem to be much value in querying userinfo, given the premise of this technique is that we are just asserting back information that the RP already knows (i.e. 'email' field in the ID Token).</div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000">Finally, could we post minor issues to the Bitbucket repo? The issue
tracker appears to be hidden or disabled.<br></div></blockquote><div><br></div><div>+1 :)</div><div><br></div><div>I've opened up my repo for issue tracking in the interim.</div><div> </div><div>Thanks for your comments!</div><div><br></div><div>Best,</div><div>William</div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000"><span class="">
<br>
<div>On 21.09.2015 10:30, William Denniss
wrote:<br>
</div>
</span><blockquote type="cite">
<pre>Hi All,
You may have heard us talking about FastEV and/or FastIDV in the past,
perhaps in conversations about AccountChooser.net, as it's a technique we
employ there.
I'm hoping we can standardize this technique into something a little more
formal which others may be interested in adopting. To that end, I've
published a draft spec <a href="https://wdenniss.com/fastidv" target="_blank"><https://wdenniss.com/fastidv></a> (version control
<a href="https://bitbucket.org/wdenniss/fastidv/" target="_blank"><https://bitbucket.org/wdenniss/fastidv/></a>).
If you have any comments, I'm keen to hear them. I'll also be joining
Monday's AB call.
Best,
William
</pre>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
Openid-specs-ab mailing list
<a href="mailto:Openid-specs-ab@lists.openid.net" target="_blank">Openid-specs-ab@lists.openid.net</a>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><span class="HOEnZb"><font color="#888888">
</font></span></pre><span class="HOEnZb"><font color="#888888">
</font></span></blockquote><span class="HOEnZb"><font color="#888888">
<br>
<pre cols="72">--
Vladimir Dzhuvinov :: <a href="mailto:vladimir@connect2id.com" target="_blank">vladimir@connect2id.com</a></pre>
</font></span></div>
<br>_______________________________________________<br>
Openid-specs-ab mailing list<br>
<a href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-ab" rel="noreferrer" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a><br>
<br></blockquote></div><br></div></div>