Re: [OAUTH-WG] Autonomous clients and resource owners (editorial)

2010-04-26 Thread Brian Eaton
From my perspective, the main thing is that the assertion flow can be used to connect existing authentication systems with APIs that are using OAuth2 for authorization. This will let us leverage existing trust relationships across systems. Note that this breaks, however, if the flow returns a re

Re: [OAUTH-WG] device profile comments

2010-04-26 Thread Brian Eaton
On Thu, Apr 22, 2010 at 5:58 PM, David Recordon wrote: > I don't fully understand what you're proposing. The device would show a > screen which tells the user to visit http://fb.me/xbox and enter the code > 123456. (Or to visit http://xbox.com/fb.) Asking a user to go to > http://goo.gl/?client_id

Re: [OAUTH-WG] Autonomous clients and resource owners (editorial)

2010-04-26 Thread Torsten Lodderstedt
+1 we need the assertion flow for the same purpose. Can we add a variant of the flow to section "End User Credentials Flows"? regards, Torsten. On 26.04.2010 23:17, Chuck Mortimore wrote: +1. Our primary use-cases for the assertion flow are for clients acting on behalf of users, and not

Re: [OAUTH-WG] misc comments on draft

2010-04-26 Thread Nat Sakimura
Another little bit of comment. In Section 3.4, it states: 3.4. Client Credentials When requesting access from the authorization server, the client identifies itself using its authorization-server-issued client credentials. I think the client credentials need to be authorization-s

Re: [OAUTH-WG] Autonomous clients and resource owners (editorial)

2010-04-26 Thread Eve Maler
In UMA, we've got use cases for "person-to-service" sharing that can act much like the user-delegated OAuth patterns of today (essentially introducing two services to interact on your own behalf), and also use cases for "person-to-person" sharing that involve a "separate resource owner", hence o

Re: [OAUTH-WG] Autonomous clients and resource owners (editorial)

2010-04-26 Thread Chuck Mortimore
+1. Our primary use-cases for the assertion flow are for clients acting on behalf of users, and not autonomously. I believe Eran already has this on his list of feedback when the assertion flow gets edited. We also have need for a 2-legged OAuth model, and are looking at the client credentia

Re: [OAUTH-WG] Call for Consensus (Deadline: April 22)

2010-04-26 Thread Marius Scurtescu
+1 I am assuming this means that the current draft will become the initial check point, version 00. Is that correct? Marius On Mon, Apr 26, 2010 at 12:41 PM, Torsten Lodderstedt wrote: > +1 > > Eran's draft is a very good foundation for further work. > > regards, > Torsten. > > Am 23.04.2010

Re: [OAUTH-WG] Call for Consensus (Deadline: April 22)

2010-04-26 Thread Torsten Lodderstedt
+1 Eran's draft is a very good foundation for further work. regards, Torsten. On 23.04.2010 13:20, Blaine Cook wrote: This is a call for consensus on accepting Eran's latest OAuth draft, draft-hammer-oauth2 [1] as a working group item. Assuming no objections by end-of-day Tuesday, April 22nd

Re: [OAUTH-WG] Call for Consensus (Deadline: April 22)

2010-04-26 Thread Luke Shepard
+1 on this as a starting point. From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of David Recordon Sent: Friday, April 23, 2010 10:54 AM To: Blaine Cook Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] Call for Consensus (Deadline: April 22) +1 Eran has done a really great job e