<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<font face="Arial">Hi Torsten, the current model is that the
Authorization Agent (AZA) may itself obtain an id_token and use it
to obtain an access token, but that only access tokens would be
'handed over' by the AZA to its constituent native apps.<br>
<br>
Are you proposing that there may be value in allowing the AZA to
also hand over id_tokens (suitably targeted) as well?<br>
<br>
paul<br>
<br>
</font>
<div class="moz-cite-prefix">On 7/1/13 1:38 PM, Torsten Lodderstedt
wrote:<br>
</div>
<blockquote cite="mid:51D1BEA8.5010509@lodderstedt.net" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
Hi John,<br>
<br>
I interpreted the text of the charter the other way around, so a
client would be able to use an(y) id_token (as a credential) to
obtain an access token. I'm fine if the mechanism is intended to
support id_token issuance.<br>
<br>
regards,<br>
Torsten.<br>
<br>
Am 01.07.2013 15:06, schrieb John Bradley:<br>
<blockquote
cite="mid:1D8C518E-51FF-431F-9066-78CDC94DC99E@ve7jtb.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=ISO-8859-1">
Hi Torsten,
<div><br>
</div>
<div>In point 3 the charter talks about using id_tokens to get
access tokens.</div>
<div><br>
</div>
<div>So it is imagined that the mechanism would issue id_tokens
likely along the lines that Google is doing for the play store
by having a 3rd party as an audience and using "azp" to
indicate the client the token was issued to. We don't want
to be too specific on the solution in the charter.</div>
<div><br>
</div>
<div>If you think something needs to be added let me know.</div>
<div><br>
</div>
<div>John B.</div>
<div><br>
</div>
<div>
<div>
<div>On 2013-07-01, at 2:17 AM, Torsten Lodderstedt <<a
moz-do-not-send="true"
href="mailto:torsten@lodderstedt.net">torsten@lodderstedt.net</a>>
wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">Hi,<br>
<br>
it would be great to have such a mechanism across
platforms!<br>
<br>
I'm wondering whether the mechanism should issue id tokens
as well. Right now it seems to focus on access tokens.<br>
<br>
Regards,<br>
Torsten.<br>
<br>
<div class="gmail_quote"><br>
<br>
John Bradley <<a moz-do-not-send="true"
href="mailto:ve7jtb@ve7jtb.com">ve7jtb@ve7jtb.com</a>>
schrieb:
<blockquote class="gmail_quote" style="margin: 0pt 0pt
0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">
<pre style="white-space: pre-wrap; word-wrap:break-word; font-family: sans-serif; margin-top: 0px">The enclosed Work Group Charter is being sent to the Specs Council for review in anticipation of chartering the Group.
It is best have this activity under the foundation IPR as soon as possible.
Regards
John B.
</pre>
<div style="margin-top: 2.5em; margin-bottom: 1em;
border-bottom-width: 1px; border-bottom-style:
solid; border-bottom-color: rgb(0, 0, 0); "><br
class="webkit-block-placeholder">
</div>
<pre style="white-space: pre-wrap; word-wrap:break-word; font-family: sans-serif; margin-top: 0px"><hr>
specs mailing list
<a moz-do-not-send="true" href="mailto:specs@lists.openid.net">specs@lists.openid.net</a>
<a moz-do-not-send="true" href="http://lists.openid.net/mailman/listinfo/openid-specs">http://lists.openid.net/mailman/listinfo/openid-specs</a>
</pre>
</blockquote>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
specs mailing list
<a class="moz-txt-link-abbreviated" href="mailto:specs@lists.openid.net">specs@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs">http://lists.openid.net/mailman/listinfo/openid-specs</a>
</pre>
</blockquote>
<br>
</body>
</html>