Hi John,
I interpreted the text of the charter the other way around, so a client
would be able to use an(y) id_token (as a credential) to obtain an
access token. I'm fine if the mechanism is intended to support id_token
issuance.
regards,
Torsten.
Am 01.07.2013 15:06, schrieb John Bradley:
Hi Torsten,
In point 3 the charter talks about using id_tokens to get access tokens.
So it is imagined that the mechanism would issue id_tokens likely
along the lines that Google is doing for the play store by having a
3rd party as an audience and using "azp" to indicate the client the
token was issued to. We don't want to be too specific on the
solution in the charter.
If you think something needs to be added let me know.
John B.
On 2013-07-01, at 2:17 AM, Torsten Lodderstedt
<[email protected] <mailto:[email protected]>> wrote:
Hi,
it would be great to have such a mechanism across platforms!
I'm wondering whether the mechanism should issue id tokens as well.
Right now it seems to focus on access tokens.
Regards,
Torsten.
John Bradley <[email protected] <mailto:[email protected]>> schrieb:
The enclosed Work Group Charter is being sent to the Specs Council for
review in anticipation of chartering the Group.
It is best have this activity under the foundation IPR as soon as possible.
Regards
John B.
------------------------------------------------------------------------
specs mailing list
[email protected] <mailto:[email protected]>
http://lists.openid.net/mailman/listinfo/openid-specs
_______________________________________________
specs mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-specs
