Hey Justin A few use cases that highlight how the world is different now than it was when OAuth 2.0 was developed would help participants understand why changes are needed, and also provide a reference for comparing and contrasting different approaches.
One of my first comments is why the client is starting off making calls to the AS. There are times when the AS is not known for a given resource. Why not allow starting at resource? On Tue, Jul 9, 2019 at 12:48 PM Justin Richer <jric...@mit.edu> wrote: > I have requested time to present Transactional Authorization (the XYZ > project) at the Montreal meeting in a couple weeks. Ahead of that, I’ve > uploaded a new version of the spec: > > https://tools.ietf.org/html/draft-richer-transactional-authz-02 > > Additionally, I’ve updated the writeup and examples on https://oauth.xyz/ > > I plan to be in Montreal for the whole week, and I’ve requested from the > chairs that I present during the Tuesday session due to limited > availability of some key WG members on Friday. > > — Justin > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
