Packaging RP Best Practices: Google Identity Toolkit
Session topic: Packaging RP Best Practices Google Identity Toolkit (W2A)
Convener: Youlin, Evie
Notes-taker(s): Eric Sachs
Tags for the session - technology discussed/ideas considered:
Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:
Presentation at
https://docs.google.com/a/google.com/present/edit?id=d9dd5k9_28w47kk2d4&authkey=CKWxjewN
Raw discussion notes below
Parts marked in red are uncertain.
- Is there any way for the RP to avoid calling Google APIs directly?
Yes, use the JS widget.
- What state is maintained by Google in the GIT server?
GIT 1.0: no state. GIT 1.5: stores user account mappings, etc.
- Are the target RPs those with email users and not plain usernames?
Yes.
- What attributes are supported?
Depends on the IDP; basically email, name, language, etc.
- Does the GIT server store IDP matrices?
GIT 1.5: yes.
- Does GIT track user activities in its server?
Most IDPs do. End users don't see the Google log.
- Does GIT support OpenID providers?
Only email providers. Hotmail is OAuth WRAP.
- Timeline for GIT release?
The plan is 2-3 months.
- Any integration for CMSs?
Yes, we already have some work on Drupal.
- What is the server of GIT?
It is the same as the Google OpenID login server.
- Will GIT 1.5 pass all attributes of non-email IDPs (like finance attributes)?
Yes.
- If a Google Apps fires a user, and the IDP denies the user, should the RP reject the user?
Yes.