Just two questions...
1. What is the rationale that 'data' is really an array of arbitrary
top-level claims? I find looking at the spec and not finding a 'data'
section a little confusing.
2. What is the rationale for sending the JSON object as a urlencoded
JSON string rather than a base64url encoded JSON string? The latter would
likely be smaller and easier to read :)
Thanks,
George
On 9/21/19 1:51 PM, Torsten Lodderstedt wrote:
Hi all,
I just published a draft about "OAuth 2.0 Rich Authorization Requests"
(formerly known as "structured scopes").
https://tools.ietf.org/html/draft-lodderstedt-oauth-rar-02
It specifies a new parameter "authorization_details" that is used to
carry fine grained authorization data in the OAuth authorization
request. This mechanism was designed based on experiences gathered in
the field of open banking, e.g. PSD2, and is intended to make the
implementation of rich and transaction oriented authorization requests
much easier than with current OAuth 2.0.
I'm happy that Justin Richer and Brian Campbell joined me as authors
of this draft. We would like to thank Daniel Fett, Sebastian
Ebling, Dave Tonge, Mike Jones, Nat Sakimura, and Rob Otto for their
valuable feedback during the preparation of this draft.
We look forward to getting your feedback.
kind regards,
Torsten.
Begin forwarded message:
From: internet-dra...@ietf.org
Subject: New Version Notification for draft-lodderstedt-oauth-rar-02.txt
Date: 21. September 2019 at 16:10:48 CEST
To: "Justin Richer" <i...@justin.richer.org>, "Torsten Lodderstedt"
<tors...@lodderstedt.net>, "Brian Campbell" <bcampb...@pingidentity.com>
A new version of I-D, draft-lodderstedt-oauth-rar-02.txt
has been successfully submitted by Torsten Lodderstedt and posted to the
IETF repository.
Name: draft-lodderstedt-oauth-rar
Revision: 02
Title: OAuth 2.0 Rich Authorization Requests
Document date: 2019-09-20
Group: Individual Submission
Pages: 16
URL: https://www.ietf.org/internet-drafts/draft-lodderstedt-oauth-rar-02.txt
Status: https://datatracker.ietf.org/doc/draft-lodderstedt-oauth-rar/
Htmlized: https://tools.ietf.org/html/draft-lodderstedt-oauth-rar-02
Htmlized: https://datatracker.ietf.org/doc/html/draft-lodderstedt-oauth-rar
Diff: https://www.ietf.org/rfcdiff?url2=draft-lodderstedt-oauth-rar-02
Abstract:
   This document specifies a new parameter "authorization_details" that
   is used to carry fine grained authorization data in the OAuth
   authorization request.
Please note that it may take a couple of minutes from the time of
submission until the htmlized version and diff are available at
tools.ietf.org.
The IETF Secretariat
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth