Hi Manfred,
This is an area of interest to us and we have done some profiling in our
implementation.
Generally speaking, we work with the assertion profiles as a starting point.
They allow for WS-Trust-like token exchanges and (implicitly) support ActAs
or OnBehalfOf. But they do need additional profiling to offer genuine
interoperability in this area.
https://datatracker.ietf.org/doc/draft-ietf-oauth-assertions/
https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-bearer/
https://datatracker.ietf.org/doc/draft-ietf-oauth-saml2-bearer/
What use-cases do you have in mind? I am not sure I follow what you mean
by "a resource server could delegate a subset of the delegated rights to
another resource server".
- prateek
Hi,
are there plans for supporting delegation-styles like ActAs or
OnBehalfOf in SAML?
If this was possible, a resource server could delegate a subset of the
delegated rights to another resource server. This could be a very
important thing, when one wants to use OAuth 2 within an
enterprise-environment.
I know that OAuth 2 has been created for web-scenarios, but it's a
fact that OAuth 2 is used as a "REST-friendly" alternative to WS-* in
the area of service-security.
Would it be the right way to define an Extension Grant for such a
scenario?
Wishes,
Manfred
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth