*Attendees*: Dick Hardt, Aaron Parecki, Brian Campbell, Dave Tonge, Eve Maler, John Bradley, Justin Richer, Nat Sakimura, Samuel Erdtman, Tim Cappalli, Denis Pinkas, Bjorn Hjelm, Hannes Tschofenig, and Rifaat Shekh-Yusef.

Dick presented the attached Mutual OAuth slides, which are the same slides he presented during the IETF meeting in Singapore.

Brian: Token Exchange was mentioned as a potential alternative solution to this, but it does not seem to be a proper solution for the use case of this document.

Justin: the solution makes sense to me.

Eve: the solution is different from the UMA solution.

Justin: the UMA solution is unidirectional, which does not help simplify the flow.

Dave: the scope is agreed out of band, which means that the scope is limited. Also, the second flow should be clarified.

Hannes: are there others that have a similar use case?

Samuel: Spotify has a similar use case with Google Home. The solution has one approval for both flows.

Hannes: for privacy reasons it is better to have two approvals.

Brian: the name of the document should be changed to avoid any confusion with the existing mutual oauth document. Suggested names: Reciprocal or Bilateral.

Brian: grant_type should be a URI.

Eve: not clear on the exact flow; will an RS be calling an RS?

John: there are ways to optimize the flow that should be discussed.

Hannes polled the group on their support for adopting this document: there were about 5 or 6 people in favor, 0 against.

The chairs will discuss this with the AD and later continue the adoption process on the mailing list.

Regards,
Rifaat
slides-100-oauth-sessa-mutual-oauth-00.pdf
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth