I am pretty familiar with the WS-* and SOAP Web Services world. At the moment I'm trying to understand which features are available in the OAuth 2.0 world.
1) SAML tokens: This access token in OAuth 2.0 - is it similar to what SAML tokens are for? 2) STS: Is an OAuth 2.0 Authorization Server the equivalent to a STS? 3) PDP (Policy Decision Point): Is this also handled by the OAuth 2.0 Authorization Server? Or does the Resource Server, based on the access token, have to make the decision whether or not grant access to a resource?
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
