This could be bound up in the client registration process since oauth clients don't authorize for random "targets".
Phil @independentid www.independentid.com phil.h...@oracle.com On 2013-08-21, at 9:30 AM, "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofe...@nsn.com> wrote: > Hi Sergey, > > The idea of the audience was to provide a way for the client to indicate the > resource server it wants to talk to explicitly rather than overloading the > scope field. We certainly need that capability for the MAC token work. > > The audience information is provided when the client interacts with the AS. > > Ciao > Hannes > > >> -----Original Message----- >> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf >> Of ext Sergey Beryozkin >> Sent: Sunday, August 18, 2013 6:32 PM >> To: <oauth@ietf.org> >> Subject: [OAUTH-WG] Audience parameter in authorization flow >> >> Hi Hannes, All, >> >> Regarding [1], where would you expect an audience parameter be provided >> during the authorization flow ? >> >> It appears to me it should be provided during the initial redirect >> (similarly to a parameter like redirect_uri). >> >> Also, would it make sense to support pre-registered audience values, >> example, a client registers and specifies an audience during the >> registration ? >> >> Thanks, Sergey >> >> [1] http://tools.ietf.org/html/draft-tschofenig-oauth-audience-00 >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
