Re: [OAUTH-WG] Audience parameter in authorization flow

Wed, 21 Aug 2013 09:41:45 -0700

That's certainly true although the referenced document did not talk about the registration phase but rather about the time when the client talks to the authorization server to obtain an access token. 

Maybe UMA has provided a story for this already...

On 08/21/2013 06:35 PM, Phil Hunt wrote:

This could be bound up in the client registration process since oauth clients don't 
authorize for random "targets".

Phil

@independentid
www.independentid.com
phil.h...@oracle.com







On 2013-08-21, at 9:30 AM, "Tschofenig, Hannes (NSN - FI/Espoo)" 
<hannes.tschofe...@nsn.com> wrote:


Hi Sergey,

The idea of the audience was to provide a way for the client to indicate the 
resource server it wants to talk to explicitly rather than overloading the 
scope field. We certainly need that capability for the MAC token work.

The audience information is provided when the client interacts with the AS.

Ciao
Hannes



-----Original Message-----
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
Of ext Sergey Beryozkin
Sent: Sunday, August 18, 2013 6:32 PM
To: <oauth@ietf.org>
Subject: [OAUTH-WG] Audience parameter in authorization flow

Hi Hannes, All,

Regarding [1], where would you expect an audience parameter be provided
during the authorization flow ?

It appears to me it should be provided during the initial redirect
(similarly to a parameter like redirect_uri).

Also, would it make sense to support pre-registered audience values,
example, a client registers and specifies an audience during the
registration ?

Thanks, Sergey

[1] http://tools.ietf.org/html/draft-tschofenig-oauth-audience-00
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth



_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to