Packaging RP Best Practices: Google Identity Toolkit

From IIW

Session topic: Packaging RP Best Practices Google Identity Toolkit (W2A)

Convener: Youlin, Evie

Notes-taker(s): Eric Sachs

Tags for the session - technology discussed/ideas considered:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Preso at

Raw discussion notes below

Red parts are uncertain.

- Any means for the RP to not call Google APIs directly?

Yes, use the JS widget.

- What state is maintained by Google in the GIT server?

GIT 1.0: no state. GIT 1.5: stores user account mappings, etc.

- Target RPs are those with email users and not plain usernames?


- What attributes are supported?

Depends on the IDP; basically email, name, language, etc.

- Does the GIT server store IDP matrices?

GIT 1.5: yes

- Does GIT track user activities in its server?

Most IDPs do. End users don't see the Google log.

- Does GIT support OpenID providers?

Only email providers. Hotmail is OAuth WRAP.

- Timeline for GIT release?

Plan is 2-3 months.

- Any integration for CMSs?

Yes, we already have some work on Drupal.

- What is the server of GIT?

It is the same as the Google OpenID login server.

- Will GIT 1.5 pass all attributes of non-email IDPs (like finance attributes)?


- If a Google Apps fires a user, and the IDP denies the user, should the RP reject the user?