I actually do see some utility in the access token in the format of ID Token. It can give appropriate audience restriction etc.
2013/7/2 Paul Madsen <[email protected]> > Hi Torsten, the current model is that the Authorization Agent (AZA) may > itself obtain an id_token and use it to obtain an access token, but that > only access tokens would be 'handed over' by the AZA to its constituent > native apps. > > Are you proposing that there may be value in allowing the AZA to also hand > over id_tokens (suitably targeted) as well? > > paul > > On 7/1/13 1:38 PM, Torsten Lodderstedt wrote: > > Hi John, > > I interpreted the text of the charter the other way around, so a client > would be able to use an(y) id_token (as a credential) to obtain an access > token. I'm fine if the mechanism is intended to support id_token issuance. > > regards, > Torsten. > > Am 01.07.2013 15:06, schrieb John Bradley: > > Hi Torsten, > > In point 3 the charter talks about using id_tokens to get access tokens. > > So it is imagined that the mechanism would issue id_tokens likely along > the lines that Google is doing for the play store by having a 3rd party as > an audience and using "azp" to indicate the client the token was issued to. > We don't want to be too specific on the solution in the charter. > > If you think something needs to be added let me know. > > John B. > > On 2013-07-01, at 2:17 AM, Torsten Lodderstedt <[email protected]> > wrote: > > Hi, > > it would be great to have such a mechanism across platforms! > > I'm wondering whether the mechanism should issue id tokens as well. Right > now it seems to focus on access tokens. > > Regards, > Torsten. > > > > John Bradley <[email protected]> schrieb: >> >> The enclosed Work Group Charter is being sent to the Specs Council for >> review in anticipation of chartering the Group. >> >> It is best have this activity under the foundation IPR as soon as possible. >> >> Regards >> John B. >> >> >> >> >> ------------------------------ >> >> specs mailing >> [email protected]http://lists.openid.net/mailman/listinfo/openid-specs >> >> > > > > _______________________________________________ > specs mailing > [email protected]http://lists.openid.net/mailman/listinfo/openid-specs > > > > _______________________________________________ > specs mailing list > [email protected] > http://lists.openid.net/mailman/listinfo/openid-specs > > -- Nat Sakimura (=nat) Chairman, OpenID Foundation http://nat.sakimura.org/ @_nat_en
_______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
