I would prefer Bron to answer that question, as they are the one who started this email thread.
However let's look at GNAP, I've honestly been struggling to understand at least one fully documented case that GNAP supports. It seems in every document the only thing that is clear is GNAP wants to allow "everything", doesn't actually talk about an example. By NxM, I assume we mean that the end user or client is free to select whichever AS they want, in a way which the RS can verify the AS credential and the user identity, without the RS having to (and really without the ability to limit) which AS are allowed. Would you agree with that statement? Warren Parad Founder, CTO Secure your user data with IAM authorization as a service. Implement Authress <https://authress.io/>. On Wed, Feb 24, 2021 at 11:36 AM Carsten Bormann <c...@tzi.org> wrote: > On 2021-02-24, at 11:22, Warren Parad <wparad=40rhosys...@dmarc.ietf.org> > wrote: > > > > Should we solve the NxM problem, and if so, how do you propose we do > that? > > Let GNAP do that. > > Grüße, Carsten > >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
