Just looking at your subject line, and I may have this wrong but are you not asking about chaining? In server to server you need a way for the second server to accept a token from the first to propagate the authorization correct?
Phil > On Sep 24, 2013, at 5:08, Antonio Sanso <asa...@adobe.com> wrote: > > Hi *, > > apologis to be back to this argument :). > > Let me try to better explain one use case that IMHO would be really good to > have in the OAuth specification family :) > > At the moment the only "OAuth standard" way I know to do OAuth server to > server is to use [0] namely Resource Owner Password Credentials Grant. > > Let me tell I am not a big fun of this particular flow :) (but this is > another story). > > An arguable better way to solve this scenario is to user (and why not to > standardise :S?) the method used by Google (or a variant of it) see [1]. > > Couple of more things: > > - I do not know if Google would be interested to put some effort to > standardise it (is anybody from Google lurking :) e.g.Tim Bray :D ) > - I am not too familiar with IETF process. Would the OAuth WG take in > consideration such proposal draft?? > > Thanks and regards > > Antonio > > [0] http://tools.ietf.org/html/rfc6749#section-4.3 > [1] https://developers.google.com/accounts/docs/OAuth2ServiceAccount > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
