Hi Sergey, that's a good question. After this document was published the functionality had been integrated into the PoP solution document. Recently, I got feedback that the functionality should be more generic and it is independent of the PoP work.
So, I guess it is a good time to discuss the needed functionality and where it should be included.

Ciao
Hannes

On 01/20/2016 11:25 AM, Sergey Beryozkin wrote:
> Hi
>
> Given that the draft-tschofenig-oauth-audience [1] has expired, I'm
> wondering if it is still relevant.
>
> I know the token introspection response can provide the audience
> value(s), but the question is really how a client is associated with a
> given audience in the first place. As such [1] may still make sense, for
> example, I can think of two options:
> 1. the client audiences are set out of band during the client
> registration time and all the tokens issued to that client will be
> restricted accordingly
> 2. the client is requesting a specific audience during the grant to
> token exchange as per [1]
>
> I guess 1. is how it is done in practice or is 2. also a valid option?
>
>
> Thanks, Sergey
>
>
> [1] https://tools.ietf.org/html/draft-tschofenig-oauth-audience-00
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth