+1 Phil
> On Nov 3, 2014, at 16:07, Bill Mills <wmills_92...@yahoo.com> wrote: > > We need to think about this, and whatever we build in this space should work > for POP tokens as well. I'd love to hear the concrete use cases and problems > to be solved. > > > > POP tokens (like OAuth 1.0a) are likely not to be proxyable, so the edge > servers really should have a way to get a new credential for accessing other > services on behalf of the user. > > > > Another major consideration is that auth servers are frequently not scaled to > handle the full edge transaction load, that's part of the point of issuing a > longer lived credential by a server that's already done all the expensive > policy and DB checks. > > > > I'm not a big fan of a token exchange through the auth server for that > reason, as well as the added cost incurred for the network round trips that's > being built in. > > > > -bill > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
