Sounds appropriate

From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Brian Campbell
Sent: Monday, June 20, 2016 10:16 AM
To: oauth <oauth@ietf.org>
Subject: [OAUTH-WG] closing an open issue about supplementary info in the Token 
Exchange request

A good while back in an off list conversation about Token Exchange, Chuck 
Mortimore mentioned that they "had a use-case for custom claims in where they 
essentially wanted to carry along metadata about a client or device for 
association to objects in our cloud." As a result of that conversation I added 
the bullet item to the Open Issues section that says, "Provide a way to include 
supplementary claims or information in the request that would/could potentially 
be included in the issued token.", which has just been kinda sitting there ever 
since with no action being taken on it.
I recently had the opportunity to see Chuck present about some work that they 
are doing for IoT, which utilizes a number of items from this WG including 
Token Exchange. It turns out that they were able to accommodate that use-case 
of expressing metadata about a client or device by using the actor_token.  
There's a paper about the work at 
https://www.salesforceidentity.info/Using_Asset_Tokens.pdf
 if anyone is interested in more details.
Because the use-case behind that open issue is met by the existing constructs 
of the document, I'm proposing that no new parameters or tokens be introduced 
and that the open issue be removed and considered done in the next revision of 
the Token Exchange draft. Please speak up soon, if you believe this is a 
mistake.

Thanks,
Brian



_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
