Am 15.07.2010 16:27, schrieb Christian Stübner:
Torsten,
I came across your I-D when looking for a way to distinguish between
different protected resources.
Just some remarks and questions:
o In 3.1. I suppose your example request is missing the service_id, right?
Yepp.
o 3.4. Replace server_id by service_id and you comply with the rest of the
document.
ok.
After all, your approach seems feasible but overly complicated to me. I
wouldn't want different 'modes' in the protocol and think we should go the
whole way by only offering the 'multiple tokens mode'. In single service
environments one could simply define one single service but still use
mechanisms capable of supporting multiple service. Don't you think?
I intended to not change the API for single server environments. That's
why it happend to become more complicated for multi-server environments.
From the thread about "resource server id needed?" I see consensus that
scopes should be used for representing resource server ids instead of a
dedicated parameter. This would help to simplify the I-D, given we can
find consensus on a scope syntax.
However I'm much in favor of the idea to support multiple PRs. If the
others decide your I-D is the way to go - I'm fine with it.
thank you for your feedback and the ideas.
regards,
Torsten.
Regard,
Christian
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
