New Core - 2. Authentication - Add new text

Issue #897 resolved
Nat Sakimura created an issue

Add more text to help the readers.

Proposed text:

  1. Authentication

Authentication is typically performed to log in the End-User or to determine that the End-User is already logged in. OpenID Connect carries the result of the Authentication performed by the Server to the Client in a secure manner so that the Client can rely on it. For this reason, the Client in this case is called Relying Party (RP).

The Authentication result is conveyed via a security Token called ID Token. It has Claims expressing such information as the issuer, the subject identifier, the timing when the authentication was performed, etc., of the security token. Refer to sections 2.1.3.6 and 2.2.2.10 for more details.

Authentication Requests can follow one of three paths: the Authorization Code Grant (response_type=code), the Modified Implicit Grant (response_type=token id_token or id_token), and the Hybrid Grant (other response types defined in [Multi-Response]). Following is a non-normative table expressing some guidance on which grant to choose among the above three.

Comments (3)

  1. Nat Sakimura reporter

    In the F2F @ IETF88, it was accepted in principle.

    Modified paragraphs in principle are:

    Authentication is typically performed to log in the End-User or to determine that the End-User is already logged in. OpenID Connect carries the result of the Authentication performed by the Server to the Client in a secure manner so that the Client can rely on it. For this reason, the Client in this case is called Relying Party (RP).

    The Authentication result is conveyed via ID Token. It has Claims expressing such information as the issuer, the subject identifier, the timing when the authentication was performed, etc., of the security token. Refer to sections 2.1.3.6 and 2.2.2.10 for more details.

    Authentication Requests can follow one of three paths: the Authorization Code Grant (response_type=code), the Implicit Grant (response_type=token id_token or id_token), and the Hybrid Grant (other response types defined in [Multi-Response]). Following is a non-normative table expressing some guidance on which grant to choose among the above three.
