While I won't profess to be proficient at SAML, I can say that there
have been a couple tries at defining a "chained delegation" grant extension:
http://tools.ietf.org/html/draft-richer-oauth-chain-00
http://tools.ietf.org/html/draft-hunt-oauth-chain-01
We've deployed the first one with a couple projects here and it works
pretty well, especially with structured tokens and token introspection.
It might not be a drop-in replacement, but many times looking at a SAML
problem with OAuth requires rethinking and reframing the problem a bit,
just like JSON isn't going to be a drop-in replacement for XML.
-- Justin
On 07/19/2013 06:15 AM, Manfred Steyer wrote:
Hi,
are there plans for supporting delegation-styles like ActAs or
OnBehalfOf in SAML?
If this was possible, a resource server could delegate a subset of the
delegated rights to another resource server. This could be a very
important thing when one wants to use OAuth 2 within an
enterprise-environment.
I know that OAuth 2 has been created for web-scenarios, but it's a
fact that OAuth 2 is used as a "REST-friendly" alternative to WS-* in
the area of service-security.
Would it be the right way to define an Extension Grant for such a
scenario?
Wishes,
Manfred
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth