Hi all, after re-reading token exchange, the resource indicator, and the ace-oauth-params drafts I am wondering whether it is really necessary to have different functionality in ACE vs. in OAuth for basic parameters.
Imagine I use an Authorization Server and I support devices that use CoAP and HTTP. 1. If a device uses CoAP then it has to use the req_aud parameter to indicate to the authorization server that it wants to talk to a specific resource server. It would either put a URI or a logical name there. 2. If a device uses HTTP then it has to use either the resource parameter to indicate to the authorization server that it wants to talk to a resource server, which is identified using a URI, or the audience parameter, if it uses a logical name. Ciao Hannes IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
