Since the authors of the token exchange draft have asked IANA for an early registration of the parameters I get the impression that the question is more “ does the resource indicator spec need to define the resource parameter (or rather reference the resource and audience parameters from the token exchange spec)”?
From: Filip Skokan <panva...@gmail.com> Sent: Donnerstag, 7. Februar 2019 16:38 To: Hannes Tschofenig <hannes.tschofe...@arm.com> Cc: a...@ietf.org; oauth@ietf.org Subject: Re: [OAUTH-WG] Resource, Audience, and req_aud To add to that, 3. If a device uses HTTP Token Exchange it can use both resource and audience parameters. With the recent discussion and changes to the language in the resource indicators draft, does the token exchange spec need a unique audience parameter? S pozdravem, Filip Skokan On Thu, 7 Feb 2019 at 16:25, Hannes Tschofenig <hannes.tschofe...@arm.com<mailto:hannes.tschofe...@arm.com>> wrote: Hi all, after re-reading token exchange, the resource indicator, and the ace-oauth-params drafts I am wondering whether it is really necessary to have different functionality in ACE vs. in OAuth for basic parameters. Imagine I use an Authorization Server and I support devices that use CoAP and HTTP. 1. If a device uses CoAP then it has to use the req_aud parameter to indicate to the authorization server that it wants to talk to a specific resource server. It would either put a URI or a logical name there. 2. If a device uses HTTP then it has to use either the resource parameter to indicate to the authorization server that it wants to talk to a resource server, which is identified using a URI, or the audience parameter, if it uses a logical name. Ciao Hannes IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. _______________________________________________ OAuth mailing list OAuth@ietf.org<mailto:OAuth@ietf.org> https://www.ietf.org/mailman/listinfo/oauth IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
