[Openid-specs-igov] igov spec updated

John Bradley ve7jtb at ve7jtb.com
Mon Aug 22 19:55:30 UTC 2016


+1
> On Aug 22, 2016, at 4:46 PM, Justin Richer via Openid-specs-igov <openid-specs-igov at lists.openid.net> wrote:
> 
> +1 to this. The idea is that you want clients to know what to expect from a system. Being able to count on a user info endpoint to get *something* allows a simplification of code paths.
> 
> — Justin
> 
>> On Aug 22, 2016, at 3:36 PM, Mike Varley via Openid-specs-igov <openid-specs-igov at lists.openid.net> wrote:
>> 
>> Hi Phil - on a call back on July 26th we discussed the UserInfo endpoint requirement:
>> basically we err'd on the side of - Make it a MUST, and privacy conscious ecosystems can just return a 'sub' field with the pairwise anonymous identifier from the id_token (and no other fields - so no new information is actually returned in the UserInfo call). 
>> 
>> Also, we couldn't (at the time) think of scenarios where it would be a SHALL NOT. But we didn't think long on it :)
>> 
>> If there are such scenarios, it's easy to change, we should just include the words to guide implementors on when they shall/should and shall not/should not.
>> 
>> MV
>> 
>> 
>> 
>> 
>> On 2016-08-22, 2:42 PM, "Phil Hunt (IDM)" <phil.hunt at oracle.com> wrote:
>> 
>>> What is the reasoning for making UserInfo a MUST? I can see arguments for making it unavailable. For one many gov scenarios want to make sure tracking is not possible. So there may be scenarios that are SHALL NOT. 
>>> 
>>> Phil
>>> 
>>>> On Aug 22, 2016, at 11:09 AM, Mike Varley via Openid-specs-igov <openid-specs-igov at lists.openid.net> wrote:
>>>> 
>>>> Hello all - I have updated the igov-profile spec on bitbucket with the following:
>>>> 
>>>> - removed authMode parameter
>>>> - UserInfo endpoint support is now a MUST
>>>> - client_secret_jwt authentication mode added
>>>> 
>>>> And some "scopes" that should help governments in defining profiles for their users, while allowing for cross-jurisdictional introp. And ID. This section will need a lot of discussion I hope - I was deliberately brief.
>>>> 
>>>> Attached is an HTML version.
>>>> 
>>>> Talk to you tomorrow,
>>>> 
>>>> MV
>>>> 
>>>> <openid-igov-profile-08-22.html>
>>>> _______________________________________________
>>>> Openid-specs-igov mailing list
>>>> Openid-specs-igov at lists.openid.net
>>>> http://lists.openid.net/mailman/listinfo/openid-specs-igov
>>> 
>> _______________________________________________
>> Openid-specs-igov mailing list
>> Openid-specs-igov at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-igov
> 
> _______________________________________________
> Openid-specs-igov mailing list
> Openid-specs-igov at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-igov



More information about the Openid-specs-igov mailing list