- edited description
CIBA: Terminology - "authentication result"
The phrase "authentication result" is used many times in the document.
I'm not sure if its the best phrase, as many times CIBA will be used more for authZ purposes.
Even if we keep the phrase I think it would be good to define it as I believe we are talking about the following things (using OIDC terminology):
- Authentication Error Response or
- Successful Token Response or
- Token Error Response
Comments (4)
-
reporter -
reporter Authentication Result was agreed to be a good term - we need to make sure the draft is consistent in its usage and that it is clear on the difference between "Authentication Result" and any particular responses.
-
reporter There are quite a few editorial fixes needed in this area. I suggest that we have a section with Authentication Result where it can be defined.
I think we may have to define clearly the three different error responses:
- Authentication Error Response - returned from the backchannel authentication endpoint (if there is invalid data in the request, or the client is not authorised, or if the user has blanked denied these class of requests / or the OP has on the users behalf)
- Token Error Response returned from the token endpoint (if there is a problem with client auth, or with data in the request or auth not happened or auth denied)
- Notification Error Callback posted to the client notification endpoint when client is in push mode (should only happen in the event that the user didn't give consent)
-
reporter - changed status to resolved
This has been resolved by editorial changes made in recent PRs
- Log in to comment