Ah yes, good catch! If only someone would put up a webpage describing the difference between authorization and authentication and why people need to stop confusing the two.
Oh wait... On Oct 16, 2014, at 1:06 PM, Hans Zandbelt <hzandb...@pingidentity.com> wrote: > About the write-up: at the end of the metaphor section it says: > "These recipes each add a number of items, such as a common profile API, to > OAuth to create an authorization protocol." > > whereas I believe that should read "to create an authentication protocol" > > Hans. > > On 10/16/14, 6:54 PM, Hannes Tschofenig wrote: >> Participants: >> >> * Brian Campbell >> * John Bradley >> * Derek Atkins >> * Phil Hunt >> * William Kim >> * Josh Mandel >> * Hannes Tschofenig >> >> >> Notes: >> >> Justin distributed a draft writeup and explained the reasoning behind >> it. The intended purpose is to put the write-up (after enough review) on >> oauth.net. See attachments. Justin solicited feedback from the >> conference call participants and from the working group. >> >> One discussion item was specifically related to the concept of audience >> restrictions, which comes in two flavours: (a) restriction of the access >> token regarding the resource server and (b) restriction of the id token >> regarding the client. Obviously, it is necessary to have both of these >> audience restrictions in place and to actually check them. >> >> The group then went into a discussion about the use of pseudonyms in >> authentication and the problems deployments ran into when they used >> pseudonyms together with a wide range of attributes that identified >> users nevertheless. Phil suggested to produce a write-up about this topic. >> >> Finally, the group started a discussion about potential actions for the >> OAuth working groups. Two activities were mentioned, namely to produce >> an IETF draft of the write-up Justin has prepared as a "formal" response >> to the problems with authentication using OAuth and, as a second topic, >> potential re-chartering of the OAuth working group to work on some >> solutions in this area. Hannes suggested to postpone these discussions >> and to first finish the write-up Justin had distributed. >> >> Ciao >> Hannes & Derek >> >> >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> > > -- > Hans Zandbelt | Sr. Technical Architect > hzandb...@pingidentity.com | Ping Identity > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
