Section 2 Overview

Issue #5 resolved
John Bradley created an issue

section 2 - Overview

I think this section should describe the overall idea of the service. As far as I understand there are the following pillars:

(1) the interface is designed based on the OAuth flow. After having read this version, I'm not sure which endpoint will actually provide the discovery data to the client. Any new endpoint should be mentioned here as well.
- Some rationale why the discovery service's design is based on the OAuth protocol flow is needed as well. So far there are the following aspects:
-- RPs shall not get access to the user's MSISDN (or other personal data). This is basically the reason to use a redirect-based protocol, which allows the discovery services to ask the user for such data directly.
-- Countermeasures are needed in order to prevent open redirection.

(2) there is the new concept of a login_hint_token, it should be introduced here.

(3) in order to achieve the best possible user experience, the WG recommends using the discovery service in conjunction with account chooser. This way the user's IDP data can be shared among RPs and there is no need to send her into the discovery process over and over again.
