Identity Layer 4 OAuth 2 and Multi-Protocol Support Discussion (4A)

From IIW

Session Topic: Identity Layer for OAUTH2 (TU4A)

Convener: Phil Hunt

Notes-taker(s): Phil Hunt

Tags for the session - technology discussed/ideas considered:


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


George Fletcher and I as well as others went through this at some length. Our conclusion was that downstream OAuth clients shouldn't need access to user information. Rather OpenID Connect is directed at standardizing a resource API for Identity resources.