Hi Luke, Inline:
On Wed, May 26, 2010 at 11:17 PM, Luke Shepard <[email protected]> wrote:
>
> On May 25, 2010, at 7:45 PM, Nat Sakimura wrote:
>
>> Hi Allen,
>>
>> Thanks for your response.
>>
>> That is right, and as I have indicated in the OAuth list,
>> I was wishing the artifact flow to be included in the
>> OAuth 2.0 as well, as it improves the mobile support as well
>> as the security.
>>
>> For those of you who are not closely following as Allen,
>> the difference is that in Artifact Binding, instead of sending
>> all the parameters in the browser redirect, it only sends a URL
>> from which the OAuth Authorization server can obtain
>> all the parameters, including OpenID extension parameters.
>>
>> (David and Dick, can you just push this through? Or is there
>> something that I have to do?)
>>
>
> The great thing about OAuth 2.0 is that it allows for different Flows to
> obtain an access token. Why don't you write a flow in the OAuth 2.0 style for
> Artifact Binding?

Actually, I did. See:

http://www.sakimura.org/en/modules/wordpress/oauth-20-mobile-webapp-flow/

>
>> Otherwise, it is almost the same: Another design decision I had to
>> do was whether I should put all the assertion into the OAuth access token,
>> or I should return the OpenID parameters along with OAuth access token.
>> "Connect" opted for the former, while "AB" opted for the latter.
>
> What do you mean by this? OpenID Connect returns attribute parameters (like
> name, pic, etc) as extra parameters, not encapsulated within the opaque
> access token.

Oops, I was reading it wrong. It is "along with access token" and not
"within access token". I somehow had an impression of the latter
(from the time I got pinged by David before the Connect page went up.)

So, AB and Connect are the same in this respect, resulting in 95% or so
overlap rather than 90% ;-)

--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
http://twitter.com/_nat_en
