Regarding the question of AS to RS communication, I think capturing it
is a reasonable task but not one essential to this activity.
So my view would be to exclude it from consideration in this group's
activity. We have many use-cases where support for confirmation that goes
beyond the currently supported bearer model would be valuable. In these
cases, the AS and RS belong to the same administrative domain.
- prateek

Hi Prateek,
thanks for your questions.
On Feb 13, 2013, at 6:13 PM, Prateek Mishra wrote:
> Hannes,
> 1) It's not clear to me that we need to specify exchanges between the AS and
> the RS as part of this work. The core specification leaves this
> unspecified. There could be many different ways that the AS and RS collaborate
> to validate signatures in messages received from the client.
It depends what the group wants to accomplish. So far, I thought that the goal
was to offer the ability to provide a sufficient description in our
specifications so that the authorization server and the resource server can be
provided by different vendors and that they still interoperate.
The group may have changed their mind in the meantime.
What is your view?