There seemed to be interest in this problem area from a number of people. While the other referenced drafts solve aspects of the problem, the Distributed OAuth ID is a full solution to a class of problems, but may be overly prescriptive in aspects. Here is how I see the different aspects of the problem:

* How does the resource prove its identity?
* How does the resource signal its authorization server?
* How does the client signal which resource it wants access to?
* How is the identity of the resource represented in the access token?

Am I framing the problem in a way that makes sense to the others of the other specs?

On Tue, Jan 16, 2018 at 8:07 AM, Rifaat Shekh-Yusef <[email protected]> wrote:

> Dick presented the attached Distributed OAuth slides, which are the same
> slides he presented during the IETF meeting in Singapore.
>
> Eve presented the attached UMA slides, which seem to have a wider scope
> that covers Federation of AS servers, but shares some of what is in the
> Distributed OAuth draft.
>
> The team then discussed the scope of the authorization: *host level* vs
> *granular*.
>
> It seems that there is a disagreement on the proper authorization scope,
> and that there are a few other documents that discuss this same idea that
> need to be taken into consideration:
>
> * OAuth Response Metadata
>   https://tools.ietf.org/html/draft-sakimura-oauth-meta-08
> * Resource Indicators for OAuth 2.0
>   https://tools.ietf.org/html/draft-campbell-oauth-resource-indicators-02
> * OAuth 2.0: Audience Information
>   https://tools.ietf.org/html/draft-tschofenig-oauth-audience-00
>
> The decision is to continue the discussion on the mailing list, and take
> into consideration the UMA solution and the above drafts.
>
> We might schedule another interim meeting to continue that discussion to
> try to come to a decision on the way forward before London.
>
> Regards,
> Rifaat
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
