Hi Hannes-- That's kind of a cool idea. You're right that it's a "client
account" of sorts. At least worth exploring, I'd say, unless a SCIM expert
pipes up with a reason why not.
Eve
On 13 Apr 2012, at 7:36 AM, Hannes Tschofenig wrote:
> Hi all,
>
> at the IETF#83 OAuth working grou
Thanks Blaine. I appreciate it, and I’m sorry for any misstatements in my
note. Yes, we both agree on how important this and I look forward to working
with you to make it happen!
Best wishes,
On 13 April 2012 12:18, Mike Jones wrote:
> Hi Blaine. I must admit, I’m pretty surprised by the tone of your
> reply. I’ll say up front that I have absolutely no problem with anyone
> disagreeing with me on a technical or tactical basis. If you think I’m
> wrong, have at it.
>
> ** **
>
Inline.
On 2012-04-13, at 9:13 PM, Lewis Adam-CAL022 wrote:
> Hi Justin …
>
> In your application, to start things off, you fire off a web browser to the
> authorization server's authorization endpoint. The user logs in to the
> authorization server through the web browser, approves this copy
Hi Justin ...
In your application, to start things off, you fire off a web browser to the
authorization server's authorization endpoint. The user logs in to the
authorization server through the web browser, approves this copy of your app,
and gets redirected to "myapp://oauthcallback?code=basdf
Chuck,
The intent is clear. Perhaps the following change would clarify the text:
Old: The Authorization Server MUST validate the assertion in order to establish
a mapping between the Issuer and the secret used to generate the assertion.
New: The Authorization Server MUST validate the assertion's
OK, but with SWD and discovery off the table, can this now be considered
to be within that manageable number instead?
-- Justin
On 04/13/2012 01:10 PM, Mike Jones wrote:
Yes, there was an explicit decision in that regard. My sense was that the WG
did think they're important but they only wa
> -Original Message-
> From: apps-discuss-boun...@ietf.org [mailto:apps-discuss-boun...@ietf.org] On
> Behalf Of Stephen Farrell
> Sent: Friday, April 13, 2012 9:23 AM
> To: oauth@ietf.org WG
> Cc: Apps Discuss
> Subject: Re: [apps-discuss] [OAUTH-WG] Web Finger vs. Simple Web Discovery
>
Following-up on the OAUTH WG re-chartering discussion I have submitted an
updated draft on the OAuth use cases.
Compared to the previous version there are only minor changes in the Abstract
and Introduction sections.
All comments are welcomed.
Zachary
-Original Message-
From: internet-
Hi Zachary - sorry about the delay in responding.
Perhaps the language is a bit confusing - let me explain the intent and see if
it makes sense and if you have a recommendation on how it could be made clearer.
All this is really saying is that the Authorization server must validate the
signatur
Or perhaps update/extend the existing spec to do what is needed? Is there
anything that is fundamentally in conflict?
-bill
>
> From: Igor Faynberg
>To: John Bradley
>Cc: oauth@ietf.org
>Sent: Thursday, April 12, 2012 11:29 AM
>Subject: Re: [OAUTH-WG] Web
Yes, there was an explicit decision in that regard. My sense was that the WG
did think they're important but they only wanted to take on a manageable number
of tasks at once.
-- Mike
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@i
Did the "Introspection Endpoint" or "Methods for connecting a PR to an
AS" get dropped? There seemed to be interest in the list in coming up
with a generally applicable scheme, or set of schemes, to do this, and
there are certainly no shortage of starting points. Both AOL and Ping
have their ow
If the mobile device has a web browser (such as a smart phone), then
this is pretty easy, and you've got a couple of options.
One of the best options when the token is on behalf of an end user is,
in my opinion, to use the authorization code flow like this: First,
register what's called a "pub
On 12 April 2012 13:00, Hannes Tschofenig wrote:
> Hi all,
>
> those who had attended the last IETF meeting may have noticed the ongoing
> activity in the 'Applications Area Working Group' regarding Web Finger.
> We had our discussion regarding Simple Web Discovery (SWD) as part of the
> re-chart
Hi All,
So Hannes and Derek and I have been discussing this with
the Apps ADs and Apps-area WG chairs. I've also read the
docs now, and after all that we've decided that this topic
(what to do with swd and webfinger) is best handled in the
apps area and not in the oauth WG.
The logic for that is
Hi Blaine. I must admit, I’m pretty surprised by the tone of your reply. I’ll
say up front that I have absolutely no problem with anyone disagreeing with me
on a technical or tactical basis. If you think I’m wrong, have at it.
But I am pretty shocked that you would decide to impugn my motives
Hi all,
at the IETF#83 OAuth working group meeting we had some confusion about the
Dynamic Client Registration and the Simple Web Discovery item. I just listened
to the audio recording again.
With the ongoing mailing list discussion regarding WebFinger vs. Simple Web
Discovery I hope that fo
18 matches
Mail list logo
