Standard - 1. Introduction - the text is rather poor

Issue #846 resolved
Nat Sakimura created an issue

It looks like just a stub text.

Currently:

This specification describes the binding of the HTTP protocol with the endpoints described in OpenID Connect Messages 1.0 [OpenID.Messages].

Proposal:

The OAuth 2.0 Authorization Framework [RFC6749] provides a general framework for a third-party application to obtain limited access to an HTTP service. As such, it provides the mechanism to provide tokens to the services but it does not provide a standardized method to provide identity information. Notably, without profiling it, it is incapable of provide information around authentication event of an entity.

This specification binds the standardized identity messages that includes authentication event information defined in OpenID Connect Messages 1.0 [OpenID.Messages] to RFC6749 and RFC6750 to allow the services to exchange the identity information: i.e., builds an identity layer on top of OAuth 2.0. With this specification, developers are enabled to build authentication and attributes sharing system on top of OAuth 2.0 based system.

Comments (6)

  1. Michael Jones

    OK, after applying a few minor grammar tweaks... I agree with the intent of the text, and that it's an improvement.

  2. Log in to comment