[Openid-specs-igov] igov spec updated
John Bradley
ve7jtb at ve7jtb.com
Mon Aug 22 19:55:30 UTC 2016
+1
> On Aug 22, 2016, at 4:46 PM, Justin Richer via Openid-specs-igov <openid-specs-igov at lists.openid.net> wrote:
>
> +1 to this. The idea is that you want clients to know what to expect from a system. Being able to count on a user info endpoint to get *something* allows a simplification of code paths.
>
> — Justin
>
>> On Aug 22, 2016, at 3:36 PM, Mike Varley via Openid-specs-igov <openid-specs-igov at lists.openid.net> wrote:
>>
>> Hi Phil - on a call back on July 26th we discussed the UserInfo endpoint requirement:
>> basically we err'd on the side of - Make it a MUST, and privacy conscious ecosystems can just return a 'sub' field with the pairwise anonymous identifier from the id_token (and no other fields - so no new information is actually returned in the UserInfo call).
>>
>> Also, we couldn't (at the time) think of scenarios where it would be a SHALL NOT. But we didn't think long on it :)
>>
>> If there are such scenarios, it's easy to change, we should just include the words to guide implementors on when they shall/should and shall not/should not.
>>
>> MV
>>
>>
>>
>>
>> On 2016-08-22, 2:42 PM, "Phil Hunt (IDM)" <phil.hunt at oracle.com> wrote:
>>
>>> What is the reasoning for making UserInfo a MUST? I can see arguments for making it unavailable. For one many gov scenarios want to make sure tracking is not possible. So there may be scenarios that are SHALL NOT.
>>>
>>> Phil
>>>
>>>> On Aug 22, 2016, at 11:09 AM, Mike Varley via Openid-specs-igov <openid-specs-igov at lists.openid.net> wrote:
>>>>
>>>> Hello all - I have updated the igov-profile spec on bitbucket with the following:
>>>>
>>>> - removed authMode parameter
>>>> - UserInfo endpoint support is now a MUST
>>>> - client_secret_jwt authentication mode added
>>>>
>>>> And some "scopes" that should help governments in defining profiles for their users, while allowing for cross-jurisdictional introp. And ID. This section will need a lot of discussion I hope - I was deliberately brief.
>>>>
>>>> Attached is an HTML version.
>>>>
>>>> Talk to you tomorrow,
>>>>
>>>> MV
>>>>
>>>> <openid-igov-profile-08-22.html>
>>>> _______________________________________________
>>>> Openid-specs-igov mailing list
>>>> Openid-specs-igov at lists.openid.net
>>>> http://lists.openid.net/mailman/listinfo/openid-specs-igov
>>>
>> _______________________________________________
>> Openid-specs-igov mailing list
>> Openid-specs-igov at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-igov
>
> _______________________________________________
> Openid-specs-igov mailing list
> Openid-specs-igov at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-igov
More information about the Openid-specs-igov
mailing list