Hi Vittorio, The text you quoted is copied form the abstract of the draft itself.
*Authors,* Should the draft be updated to cover the logical identifier case? Regards, Rifaat On Thu, Jan 17, 2019 at 8:19 AM Vittorio Bertocci <vitto...@auth0.com> wrote: > Hi Rifaat, > one detail. The tech summary says > > An extension to the OAuth 2.0 Authorization Framework defining request > parameters that enable a client to explicitly signal to an authorization > server > about the *location* of the protected resource(s) to which it is requesting > access. > > But at least in the Microsoft implementation, the resource identifier > doesn't *have* to be a network addressable URL (and if it is, it doesn't > strictly need to match the actual resource location). It can be a logical > identifier, tho using the actual resource location there has benefits > (domain ownership check, prevention of token forwarding etc). > Same for Auth0, the audience parameter is a logical identifier rather than > a location. > > > > On Wed, Jan 16, 2019 at 6:32 PM Rifaat Shekh-Yusef <rifaat.i...@gmail.com> > wrote: > >> All, >> >> The following is the first shepherd write-up for >> the draft-ietf-oauth-resource-indicators-01 document. >> >> https://datatracker.ietf.org/doc/draft-ietf-oauth-resource-indicators/shepherdwriteup/ >> >> Please, take a look and let me know if I missed anything. >> >> Regards, >> Rifaat >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
