Hi Justin,

I believe this is addressing one of the key missing parts in OAuth 2.0...

One question - I guess this was discussed already...

In the spec - in the introspection response it has the attribute "valid" - this is basically the validity of the token provided in the request.

Validation criteria depend on the token as well as token type (Bearer, MAC..). In the spec it seems like it's coupled with Bearer token type... But I guess, by adding "token_type" to the request we can remove this dependency.

WDYT..?

Thanks & regards,
-Prabath

On Thu, Feb 7, 2013 at 12:54 AM, Justin Richer <jric...@mitre.org> wrote:

> Updated introspection draft based on recent comments. Changes include:
>
>  - "scope" return parameter now follows RFC6749 format instead of JSON array
>  - "subject" -> "sub", and "audience" -> "aud", to be parallel with JWT claims
>  - clarified what happens if the authentication is bad
>
>  -- Justin
>
>
> -------- Original Message --------
> Subject: New Version Notification for draft-richer-oauth-introspection-02.txt
> Date: Wed, 6 Feb 2013 11:24:20 -0800
> From: <internet-dra...@ietf.org>
> To: <jric...@mitre.org>
>
> A new version of I-D, draft-richer-oauth-introspection-02.txt
> has been successfully submitted by Justin Richer and posted to the
> IETF repository.
>
> Filename:        draft-richer-oauth-introspection
> Revision:        02
> Title:           OAuth Token Introspection
> Creation date:   2013-02-06
> WG ID:           Individual Submission
> Number of pages: 6
> URL:             http://www.ietf.org/internet-drafts/draft-richer-oauth-introspection-02.txt
> Status:          http://datatracker.ietf.org/doc/draft-richer-oauth-introspection
> Htmlized:        http://tools.ietf.org/html/draft-richer-oauth-introspection-02
> Diff:            http://www.ietf.org/rfcdiff?url2=draft-richer-oauth-introspection-02
>
> Abstract:
>    This specification defines a method for a client or protected
>    resource to query an OAuth authorization server to determine meta-
>    information about an OAuth token.
>
>
> The IETF Secretariat
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

--
Thanks & Regards,
Prabath

Mobile : +94 71 809 6732

http://blog.facilelogin.com
http://RampartFAQ.com
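As an added illustration (not part of either message and not code from the draft), a protected resource could evaluate a draft-02 style introspection response like this, using only the "valid", "scope", "sub" and "aud" fields named in the thread. The function name, the audience URL, treating "aud" as a single string, and the sample responses are assumptions constructed for the example.

```python
import json

# Constructed sample responses (not captured from a real authorization server).
AUD = "https://rs.example.com"  # hypothetical identifier of this protected resource
GOOD = ('{"valid": true, "scope": "read write", '
        '"sub": "user-1234", "aud": "https://rs.example.com"}')
OLD_SHAPE = ('{"valid": true, "scope": ["read", "write"], '
             '"sub": "user-1234", "aud": "https://rs.example.com"}')
STRING_TRUE = ('{"valid": "true", "scope": "read", '
               '"sub": "user-1234", "aud": "https://rs.example.com"}')


def authorize(introspection_body, required_scopes, expected_aud):
    """Return (allowed, reason) for one introspection response body (JSON text)."""
    try:
        resp = json.loads(introspection_body)
    except ValueError:
        return False, "unparseable response"
    if not isinstance(resp, dict):
        return False, "response is not a JSON object"
    # Fail closed: only the JSON boolean true counts, not "true" or 1.
    if resp.get("valid") is not True:
        return False, "token not valid"
    scope = resp.get("scope", "")
    # RFC 6749 format is one space-delimited string; the earlier JSON-array
    # shape is rejected instead of being silently accepted.
    if not isinstance(scope, str):
        return False, "scope is not a space-delimited string"
    missing = set(required_scopes) - set(scope.split())
    if missing:
        return False, "missing scope: " + " ".join(sorted(missing))
    # Assumption: "aud" carries a single string naming the intended resource.
    if resp.get("aud") != expected_aud:
        return False, "audience mismatch"
    return True, "ok for subject %s" % resp.get("sub")


if __name__ == "__main__":
    for name, body in [("good", GOOD), ("old scope shape", OLD_SHAPE),
                       ("string true", STRING_TRUE)]:
        print(name, "->", authorize(body, ["read"], AUD))
```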