Dear All,

I have published an Internet Draft document that I would like to introduce to 
the OAuth working group for consideration. Here is the link for your reference: 
https://www.ietf.org/archive/id/draft-janicijevic-oauth-b2b-authorization-00.html


Abstract

Delegated B2B Authorization enables a third-party OAuth client to obtain 
limited access to an HTTP service on behalf of another OAuth client which is 
acting as a resource owner. This specification extends the OAuth 2.0 
Authorization Framework with two new endpoints which allow a resource owner 
OAuth client to manage access for a third-party OAuth client.



Motivation

I work for a large financial services organization, and we are using OAuth 2.0 
extensively to secure API-based B2B integrations with various third parties by 
utilizing the OAuth client_credentials grant type. Some of those third parties are 
our customers, while others are either our partners or partners of our 
customers. One of the challenges that we have encountered is that there is no 
standard way to delegate access to resources in B2B integrations, so that one 
party can obtain access to protected resources on behalf of another party. The 
above Internet Draft describes a possible extension to OAuth 2.0 that may be 
able to address this issue.

I am looking forward to receiving your feedback.

Regards,
Igor
_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org
