Re: [OAUTH-WG] OAuth & Protected feeds

2010-07-28 Thread Torsten Lodderstedt
Darren, I have got some questions regarding your posting, esp. the assertion. 1) cliqset.com would like to request an access token from google.com. Sends a request with grant_type=assertion. Request: POST /token HTTP/1.1 Host: google.com Content-Type: application/x-www-form-urlencoded grant_ty

Re: [OAUTH-WG] resource server id needed?

2010-07-28 Thread Torsten Lodderstedt
Eve, how does UMA plan to address resource servers during the OAuth end-user authorization process? regards, Torsten. Am 29.07.2010 02:37, schrieb Eve Maler: Belatedly... Sorry if I sound like a broken record on this, but: Most of UMA's use involve letting a user introduce their various hos

Re: [OAUTH-WG] resource server id needed?

2010-07-28 Thread Eve Maler
Belatedly... Sorry if I sound like a broken record on this, but: Most of UMA's uses involve letting a user introduce their various hosts (UMA-flavored resource servers) to their single chosen "authorization manager" (UMA-flavored authorization server), by treating the former as a dynamically int

Re: [OAUTH-WG] OAuth & Protected feeds

2010-07-28 Thread Eve Maler
Folks interested in protected feeds may be interested in UMA's solution, which proposes mechanisms to demand "claims" from the requesting side based on user-specified policy on the authorizing server side. An example of UMA-protected resources that require agreement to terms can be seen in the

[OAUTH-WG] OAuth & Protected feeds

2010-07-28 Thread Darren Bounds
Please excuse the cross posting. Following the Federated Social Web Summit in Portland a couple weeks ago, there has been a lot of chatter around protected feeds and how they'll function to achieve SWAT0 (http://federatedsocialweb.net/wiki/SWAT0). Protected feed subscriptions are clearly an impor

Re: [OAUTH-WG] Facebook's experience with OAuth2.0 signatures

2010-07-28 Thread Paul Tarjan
From http://developers.facebook.com/docs/authentication/canvas Why is the signature first? Doing a left split is usually easier than a right one. It also allows us to pursue other encodings, like hex for the signature and percent encoding for the payload. Why is it called signed_request? It's t

Re: [OAUTH-WG] On the discovery of the OAuth Signature

2010-07-28 Thread Dirk Balfanz
On Tue, Jul 27, 2010 at 4:31 PM, Nat Sakimura wrote: > Hi. > > Currently, the discovery document would have something like: > > { >"verification_keys": { >"key1":"RSA.ALqcwR...", >"key2":"X509. >} > } > > It defines RSA and X509. Could we define a

Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft

2010-07-28 Thread Brian Campbell
MAY it is. Thanks On Jul 28, 2010 4:06 AM, "Igor Faynberg" wrote: +1 on MAY; (+0.3 on SHOULD). Igor Torsten Lodderstedt wrote: > > Am 28.07.2010 um 01:40 schrieb Brian Eaton : > >... ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mail

Re: [OAUTH-WG] SAML 2.0 Bearer Assertion Profile for OAuth 2.0 draft

2010-07-28 Thread Igor Faynberg
+1 on MAY; (+0.3 on SHOULD). Igor Torsten Lodderstedt wrote: Am 28.07.2010 um 01:40 schrieb Brian Eaton : On Tue, Jul 27, 2010 at 11:56 AM, Brian Campbell wrote: There seem to be two potential arguments against it - the burden of tracking the state and the potential that it's unnec

Re: [OAUTH-WG] resource server id needed?

2010-07-28 Thread Torsten Lodderstedt
thanks for sharing your thoughts. Differentiating resource servers by using different end-user authorization endpoint URLs is an option. I don't know how this will work in conjunction with discovery, especially since this differentiation might be required on other endpoints, too. For example,