My assumption about the new token_type parameter is that it would be used to communicate the data type of the token -- not the class of the token. I was imagining token_type values like:

    SWT
    JWT
    urn:oasis:names:tc:SAML:1.0:assertion
    urn:oasis:names:tc:SAML:2.0:assertion

Or Eran, did you mean for the token_type to be more like the WS-Trust 1.3 wst:KeyType parameter, where values defined by that spec are:

    http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey
    http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey
    http://docs.oasis-open.org/ws-sx/wstrust/200512/Bearer

I hope you meant the former, as this information would be generally useful (and something I know that our developers have asked for, based upon their deployment experiences).

Thanks,
-- Mike

-----Original Message-----
From: Eran Hammer-Lahav [mailto:e...@hueniverse.com]
Sent: Thursday, December 02, 2010 12:23 PM
To: Marius Scurtescu; Mike Jones
Cc: oauth@ietf.org
Subject: RE: [OAUTH-WG] OAuth 2.0 Bearer Token specification draft -01

> -----Original Message-----
> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
> Of Marius Scurtescu
> Sent: Thursday, December 02, 2010 12:19 PM
> To: Mike Jones
> Cc: oauth@ietf.org
> Subject: Re: [OAUTH-WG] OAuth 2.0 Bearer Token specification draft -01
>
> OAuth 2 Protocol Framework v11 introduces a new required parameter:
> token_type.
>
> Should the Bearer Token spec define the value for this parameter for
> bearer tokens?

Yes. 'bearer' seems sensible, but I don't really care. I am going to define 'mac' in my own extension.

> Are we blocked by the missing section 6.1. (Access Token Types) of the
> Framework spec?

No. It will simply describe the general flow and how to define (register) token types and authentication methods for those types. IOW, all spec-talk. You can decide how it works and implement and deal with the extension paperwork later.

EHL

> Marius
>
> On Wed, Dec 1, 2010 at 11:35 PM, Mike Jones
> <michael.jo...@microsoft.com> wrote:
> > Draft -01 of the OAuth 2.0 Bearer Token specification is now available.
> > This version is intended to accompany OAuth 2.0 draft -11. This
> > draft is based upon the September 3rd preliminary OAuth 2.0 draft by
> > Eran Hammer-Lahav, with input from David Recordon and several others.
> > It includes an extensive Security Considerations section, for which
> > Hannes Tschofenig gets significant credit.
> >
> > The draft is available at these locations:
> >
> > http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-01.txt
> >
> > http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-bearer-01.xml
> >
> > http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-01.html
> >
> > http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-01.txt
> >
> > http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-01.xml
> >
> > http://svn.openid.net/repos/specifications/oauth/2.0/ (Subversion
> > repository, with html, txt, and html versions available)
> >
> > If any of you believe that you should be added to the
> > Acknowledgments in Appendix A, please drop me a note and I'll be glad to
> > add you.
> >
> > -- Mike
> >
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth