Identity Layer 4 OAuth 2 and Multi-Protocol Support Discussion (4A)
From IIW
Session Topic: Identity Layer for OAUTH2 (TU4A)
Convener: Phil Hunt
Notes-taker(s): Phil Hunt
Tags for the session - technology discussed/ideas considered:
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
George Fletcher and I as well as others went through this at some length. Our conclusion was that downstream OAuth clients shouldn't need access to user information. Rather OpenID Connect is directed at standardizing a resource API for Identity resources.