Transaction Authorization
We reached consensus that the standard OpenID Connect flow for authentication is not suitable for transaction authorization, but a reasonable solution can be built within the OpenID framework.
The MODRNA WG will propose a reasonable mechanism to perform transaction authorizations via OpenID. The idea is to define an additional OpenID Connect endpoint (like UserInfo) for this purpose. Access to this endpoint is protected using Access Tokens issued for a certain scope value. How the access token is obtained (client credentials, web flow, …) is out of scope. The RP uses this endpoint via server-to-server communication to initiate transaction authorization processes. Potentially, the user account to be asked for authorization must be identified via a dedicated parameter. Alternatively, it is implicitly defined by the access token. This mechanism might be interesting for other WGs/communities as well (e.g. new Financial WG).
Comments (6)
reporter - changed title to Transaction Authorization
modified name in order to focus on the problem instead of a solution
reporter - removed responsible
-
As discussed in the last Modrna call (2017/10/31), this issue can be closed. This functionality is covered by the UQ spec.
-
- changed status to closed