Hi,
Can you please explain what is the difference between On-Behalf-Of
semantics described in the draft-ietf-oauth-token-exchange-01 and the
implicit On-Behalf-Of semantics a client OAuth2 token possesses ?
For example, draft-ietf-oauth-token-exchange-01 mentions:
"Whereas, with on-behalf-of semantics, principal A still has its own
identity separate from B and it is explicitly understood that while B
may have delegated its rights to A, any actions taken are being taken by
A and not B. In a sense, A is an agent for B."
This is a typical case with the authorization code flow where a client
application acts on-behalf-of the user who authorized this application ?
Sorry if I'm missing something
Cheers, Sergey
On 25/06/15 22:28, Mike Jones wrote:
That’s what
https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-01 is about.
Cheers,
-- Mike
*From:*OAuth [mailto:oauth-boun...@ietf.org] *On Behalf Of *Vivek Biswas
-T (vibiswas - XORIANT CORPORATION at Cisco)
*Sent:* Thursday, June 25, 2015 2:20 PM
*To:* OAuth@ietf.org
*Subject:* [OAUTH-WG] JWT Token on-behalf of Use case
Hi All,
I am looking to solve a use-case similar to WS-Security On-Behalf-Of
<http://docs.oasis-open.org/ws-sx/ws-trust/v1.4/errata01/os/ws-trust-1.4-errata01-os-complete.html#_Toc325658980>
with OAuth JWT Token.
Is there a standard claim which we can define within the OAuth JWT
which denote the On-behalf-of User.
For e.g., a Customer Representative trying to create token on behalf of
a customer and trying to execute services specific for that specific
customer.
Regards,
Vivek Biswas,
CISSP
*Cisco Systems, Inc <http://www.cisco.com/>*
*Bldg. J, San Jose, USA,*
*Phone: +1 408 527 9176*
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
