This is addressed in 
https://www.ietf.org/archive/id/draft-ietf-oauth-resource-metadata-10.html.

                                                                -- Mike

From: Michael Jones
Sent: Saturday, September 14, 2024 4:49 PM
To: Ralph Bragg <ralph.br...@raidiam.com>; oauth@ietf.org
Subject: RE: Feedback on OAuth 2.0 Protected Resource Metadata

https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/pull/54 
addresses this request.  It reuses the metadata parameter name 
authorization_details_types_supported from 
https://www.rfc-editor.org/rfc/rfc9396.html.

                                                                -- Mike

From: Ralph Bragg <ralph.br...@raidiam.com>
Sent: Friday, September 13, 2024 8:34 PM
To: Michael Jones <mike@self-issued.consulting>; 
michael_b_jo...@hotmail.com; oauth@ietf.org
Subject: Feedback on OAuth 2.0 Protected Resource Metadata

Hi,

Can I please request that additional metadata types for describing resource 
access requirements be included from the RAR specification 
(https://datatracker.ietf.org/doc/html/rfc9396#name-relationship-to-the-scope-p) 
in the 
https://www.ietf.org/archive/id/draft-ietf-oauth-resource-metadata-09.html 
specification.



RAR is an alternative to scopes and the use of only one way to convey 
authorization to access the resource is recommended in the RAR spec.

"Combined use of authorization_details and scope is supported by this 
specification in part to allow existing OAuth-based applications to 
incrementally migrate towards using authorization_details exclusively. It is 
RECOMMENDED that a given API use only one form of requirement specification."



OAuth resource servers that have moved to supporting RAR should be able to 
advertise, using the OAuth resource metadata specification, the RAR types that 
are required to access the resource in a similar way to scopes.



Thank you for your consideration for this change as I understand this draft is 
in last call.



Kind Regards,

Ralph




Ralph Bragg
Chief Technology Officer
M. +447890130559
T. 0203 148 6609
ralph.br...@raidiam.com




_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org
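
An added example, not part of the thread and not code from the draft's authors: a client reading protected resource metadata and choosing between `authorization_details` (RFC 9396) and `scope` for one API, following the "only one form" recommendation quoted above. The function name, sample metadata values and URLs are constructed assumptions; the `resource` match check follows the metadata draft's validation rule.

```python
import json

# Constructed sample metadata; every value here is illustrative.
SAMPLE_METADATA = {
    "resource": "https://api.example.com/payments",
    "authorization_servers": ["https://as.example.com"],
    "scopes_supported": ["payments:read"],
    "authorization_details_types_supported": ["payment_initiation"],
}


def build_authorization_params(metadata, expected_resource, details, scopes):
    """Pick RAR or scope for one API from the resource's published metadata.

    details: RFC 9396 authorization details objects (each carries "type").
    scopes:  scope strings used only when no RAR types are advertised.
    """
    # The document must describe the resource that was asked about, so a
    # document served for a different resource cannot steer the request.
    if metadata.get("resource") != expected_resource:
        raise ValueError("metadata 'resource' does not match the requested resource")

    rar_types = metadata.get("authorization_details_types_supported") or []
    if rar_types and details:
        for d in details:
            if not isinstance(d, dict) or not isinstance(d.get("type"), str):
                raise ValueError("each authorization detail needs a string 'type'")
        unsupported = sorted({d["type"] for d in details} - set(rar_types))
        if unsupported:
            raise ValueError(f"RAR types not advertised by resource: {unsupported}")
        # One form of requirement only: no scope next to authorization_details.
        return {"authorization_details": json.dumps(details, separators=(",", ":"))}

    # No RAR types advertised (or none requested): fall back to scopes.
    return {"scope": " ".join(scopes)}
```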
