Thanks Zachary, > -----Original Message----- > From: Zeltsan, Zachary (Zachary) [mailto:zachary.zelt...@alcatel- > lucent.com] > Sent: Tuesday, September 14, 2010 6:24 AM > To: Thomas Hardjono; Faynberg, Igor (Igor) > Cc: oauth > Subject: RE: [OAUTH-WG] Delegation -- RE: SAML profile > comments/questions from the SAML people > > Thomas, > > The draft does not specify a limit on the number of delegations from > Client#N to Client#(N+1).
ok, great. > > The draft's revision would require a substantial work because the draft > relies on the community version of OAuth, which differs significantly > from the current OAuth v.2. I am talking with our developers to > determine if there is sufficient support for this work. Hmm, I guess it is always a good thing to have code as close as possible to spec :) /thomas/ > > Zachary > -----Original Message----- > From: Thomas Hardjono [mailto:hardj...@mit.edu] > Sent: Thursday, September 09, 2010 11:13 AM > To: Zeltsan, Zachary (Zachary); Faynberg, Igor (Igor) > Cc: oauth > Subject: RE: [OAUTH-WG] Delegation -- RE: SAML profile > comments/questions from the SAML people > > > Thanks Igor and Zachary, > > Are there any plans to renew this expired draft? Also, is there a > limitation to the number of "swaps" that can be supported? > > Thanks. > > /thomas/ > > __________________________________________ > > > -----Original Message----- > > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On > Behalf > > Of Zeltsan, Zachary (Zachary) > > Sent: Tuesday, September 07, 2010 5:15 PM > > To: Faynberg, Igor (Igor); Thomas Hardjono > > Cc: oauth > > Subject: Re: [OAUTH-WG] Delegation -- RE: SAML profile > > comments/questions from the SAML people > > > > Igor, > > > > The intention of the draft draft-vrancken-oauth-redelegation was to > > specify a mechanism for doing exactly what Thomas has described: > > > ... User#1/Client#1 asks for > > > an access token (to a given resource) with the intention of later > > > handing over the access-token to a different User#2/Client#2 > > The mechanism is design to support also the situation where > > > User#2/Client#2 asks the Auth Server to "swap" (re-issue) this > token > > > for a different client_id (User#3/Client#3) > > > > The difference is that the mechanism of the draft-vrancken-oauth- > > redelegation relies on the "temporary credentials" and "token > > credentials", which were used in OAuth 1.0, and not on the access > > tokens. > > > > Zachary > > -----Original Message----- > > From: Igor Faynberg [mailto:igor.faynb...@alcatel-lucent.com] > > Sent: Tuesday, September 07, 2010 4:36 PM > > To: Thomas Hardjono; Zeltsan, Zachary (Zachary) > > Cc: Brian Campbell; oauth > > Subject: Re: [OAUTH-WG] Delegation -- RE: SAML profile > > comments/questions from the SAML people > > > > Thomas, > > > > It looks to me like the intention in this use case is similar to that > > of the "multilegged OAuth" (later renamed to the politically-correct > > "recursive delegation"). This use case has been published in Bart's > and > > Zachary's draft. which has expired now. This case has moved into the > > overall use case compilation document. > > > > Zachary, maybe you could shed some light here? > > > > Igor > > > > Thomas Hardjono wrote: > > > __________________________________________ > > > > > > > > >> -... > > > > > > What I meant to say is that User#1/Client#1 asks for an access > token > > > (to a given resource) with the intention of later handing over the > > > access-token to a different User#2/Client#2. > > > > > > Ideally, this model could be extensible where > > > User#2/Client#2 asks the Auth Server to "swap" (re-issue) this > token > > > for a different client_id (User#3/Client#3). > > > > > > However, this bring us into space of role based access control and > > > permissions, which would somewhat complicate the Oauth 2.0 > > > authorization model :) > > > > > > /thomas/ > > > > > > > > > > > > > > > _______________________________________________ > > > OAuth mailing list > > > OAuth@ietf.org > > > https://www.ietf.org/mailman/listinfo/oauth > > > > > _______________________________________________ > > OAuth mailing list > > OAuth@ietf.org > > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
