<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <font face="Arial">Hi Nat, the current AZA model does not preclude
      an access token being formatted as an id_token.<br>
      <br>
      I believe Torsten was conjecturing that there was potential value
      in an id_token being delivered to a native app in addition to an
      access token (whether formatted as id_token or not).<br>
      <br>
      Regards<br>
      <br>
      paul<br>
       </font><br>
    <div class="moz-cite-prefix">On 7/2/13 10:53 AM, Nat Sakimura wrote:<br>
    </div>
    <blockquote
cite="mid:CABzCy2CDWuCJ6sfr-L4=LveRo9Jx7gKftXv=RvjbgK6SSd2fnw@mail.gmail.com"
      type="cite">
      <div dir="ltr">I actually do see some utility in the access token
        in the format of ID Token. 
        <div style="">It can give appropriate audience restriction etc. </div>
      </div>
      <div class="gmail_extra"><br>
        <br>
        <div class="gmail_quote">
          2013/7/2 Paul Madsen <span dir="ltr">&lt;<a
              moz-do-not-send="true" href="mailto:paulmadsen@rogers.com"
              target="_blank">paulmadsen@rogers.com</a>&gt;</span><br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div bgcolor="#FFFFFF" text="#000000"> <font face="Arial">Hi
                Torsten, the current model is that the Authorization
                Agent (AZA) may itself obtain an id_token and use it to
                obtain an access token, but that only access tokens
                would be 'handed over' by the AZA to its constituent
                native apps.<br>
                <br>
                Are you proposing that there may be value in allowing
                the AZA to also hand over id_tokens (suitably targeted)
                as well?<br>
                <br>
                paul<br>
                <br>
              </font>
              <div>
                <div class="h5">
                  <div>On 7/1/13 1:38 PM, Torsten Lodderstedt wrote:<br>
                  </div>
                </div>
              </div>
              <blockquote type="cite">
                <div>
                  <div class="h5"> Hi John,<br>
                    <br>
                    I interpreted the text of the charter the other way
                    around, so a client would be able to use an(y)
                    id_token (as a credential) to obtain an access
                    token. I'm fine if the mechanism is intended to
                    support id_token issuance.<br>
                    <br>
                    regards,<br>
                    Torsten.<br>
                    <br>
                     On 01.07.2013 15:06, John Bradley wrote:<br>
                    <blockquote type="cite"> Hi Torsten,
                      <div><br>
                      </div>
                      <div>In point 3 the charter talks about using
                        id_tokens to get access tokens.</div>
                      <div><br>
                      </div>
                      <div>So it is imagined that the mechanism would
                        issue id_tokens likely along the lines that
                        Google is doing for the play store by having a
                        3rd party as an audience and using "azp" to
                        indicate the client the token was issued to.  
                        We don't want to be too specific on the solution
                        in the charter.</div>
                      <div><br>
                      </div>
                      <div>If you think something needs to be added let
                        me know.</div>
                      <div><br>
                      </div>
                      <div>John B.</div>
                      <div><br>
                      </div>
                      <div>
                        <div>
                          <div>On 2013-07-01, at 2:17 AM, Torsten
                            Lodderstedt &lt;<a moz-do-not-send="true"
                              href="mailto:torsten@lodderstedt.net"
                              target="_blank">torsten@lodderstedt.net</a>&gt;
                            wrote:</div>
                          <br>
                          <blockquote type="cite">Hi,<br>
                            <br>
                            it would be great to have such a mechanism
                            across platforms!<br>
                            <br>
                            I'm wondering whether the mechanism should
                            issue id tokens as well. Right now it seems
                            to focus on access tokens.<br>
                            <br>
                            Regards,<br>
                            Torsten.<br>
                            <br>
                            <div class="gmail_quote"><br>
                              <br>
                              John Bradley &lt;<a moz-do-not-send="true"
                                href="mailto:ve7jtb@ve7jtb.com"
                                target="_blank">ve7jtb@ve7jtb.com</a>&gt;
                              wrote:
                              <blockquote class="gmail_quote"
                                style="margin:0pt 0pt 0pt
                                0.8ex;border-left:1px solid
                                rgb(204,204,204);padding-left:1ex">
                                <pre style="white-space:pre-wrap;word-wrap:break-word;font-family:sans-serif;margin-top:0px">The enclosed Work Group Charter is being sent to the Specs Council for review in anticipation of chartering the Group.

It is best to have this activity under the foundation IPR as soon as possible.

Regards
John B.


</pre>
                                <div
style="margin-top:2.5em;margin-bottom:1em;border-bottom-width:1px;border-bottom-style:solid;border-bottom-color:rgb(0,0,0)"><br>
                                </div>
                                <pre style="white-space:pre-wrap;word-wrap:break-word;font-family:sans-serif;margin-top:0px"><hr>
specs mailing list
<a moz-do-not-send="true" href="mailto:specs@lists.openid.net" target="_blank">specs@lists.openid.net</a>
<a moz-do-not-send="true" href="http://lists.openid.net/mailman/listinfo/openid-specs" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs</a>
</pre>
                              </blockquote>
                            </div>
                          </blockquote>
                        </div>
                        <br>
                      </div>
                    </blockquote>
                    <br>
                    <br>
                    <br>
                  </div>
                </div>
              </blockquote>
              <br>
            </div>
            <br>
            <br>
          </blockquote>
        </div>
        <br>
        <br clear="all">
        <div><br>
        </div>
        -- <br>
        Nat Sakimura (=nat)
        <div>Chairman, OpenID Foundation<br>
          <a moz-do-not-send="true" href="http://nat.sakimura.org/"
            target="_blank">http://nat.sakimura.org/</a><br>
          @_nat_en</div>
      </div>
    </blockquote>
    <br>
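    <p>Added example, not part of the thread and not code from any of its participants: the check a receiving party would run on a token shaped the way the thread describes, with the receiving third party named in "aud" (the audience restriction Nat mentions) and the client the token was issued to named in "azp". The HS256 key, issuer URL, client identifiers and function names are constructed for the demonstration.</p>
    <pre>
```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims: dict, key: bytes) -> str:
    """Build a constructed HS256 JWT so the example runs offline."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def accept_token(token, key, issuer, my_id, trusted_apps, now=None):
    """Return (True, azp) when the token is acceptable, else (False, reason)."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(unb64url(head)), json.loads(unb64url(body))
        given = unb64url(sig)
    except ValueError:
        return False, "malformed token"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False, "malformed token"
    if header.get("alg") != "HS256":  # pin the algorithm expected from this issuer
        return False, "unexpected alg"
    want = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, given):
        return False, "bad signature"
    if claims.get("iss") != issuer:
        return False, "wrong issuer"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        return False, "expired"
    aud = claims.get("aud")
    if my_id not in (aud if isinstance(aud, list) else [aud]):
        return False, "token not issued for this audience"  # audience restriction
    azp = claims.get("azp")
    if not isinstance(azp, str) or azp not in trusted_apps:
        return False, "azp is not a trusted client"  # who the token was issued to
    return True, azp

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample values throughout
    tok = make_token({"iss": "https://idp.example", "aud": "backend.example",
                      "azp": "native-app-1", "exp": time.time() + 300}, key)
    print(accept_token(tok, key, "https://idp.example", "backend.example", {"native-app-1"}))
```
    </pre>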
  </body>
</html>