Congrats..!!! Its been a great - highly extensible framework which can be
leveraged to address many aspect in REST security...
Thanks & regards,
-Prabath
On Wed, May 15, 2013 at 10:54 PM, Mike Jones wrote:
> I’m pleased to report that OAuth 2.0 has won the 2013 European Identity
> Award for Bes
Yes. If its a new grant asking an access token with a new scope - then we
need to give a new acces token.
Thanks & regards,
-Prabath
On Fri, May 17, 2013 at 6:13 AM, Phil Hunt wrote:
> My understanding is this is ok if during authorization, the client
> requested at least "foo1 bar1 foo2" or "f
My understanding is this is ok if during authorization, the client requested at
least "foo1 bar1 foo2" or "foo1 bar1 foo2 bar2" for example. The effect of
asking for a separate token is the client has two tokens with different scopes.
"foo1 bar1" and "foo2". This is actually nice because each
Hi All,
I want to know, what is the correct way that authorization server must act
when same client with same resource owner is asking for an access token for
different scopes?
Let say.
1. Got an access token for scope "foo1, bar1"
2. Then , if same client with same resource owner asks for an
Hi All,
I want to know, what is the correct way that authorization server must act
when same client with same resource owner is asking for an access token for
different scopes?
Let say.
1. Got an access token for scope "foo1, bar1"
2. Then , if same client with same resource owner asks for an
This is nothing more than an RFC 6750 bearer token. These can expire, as
explained in that draft. (The can also be issued an a manner that they don't
expire.) Nothing new is being invented in this regard.
-- Mike
-Original Message-
From: oauth-boun...@
All,
In the dynamic registration draft, a new token type is defined called the
"registration access token". Its use is intended to facilitate clients being
able to update their registration and obtain new client credentials over time.
The client credential is issued on completion of the initia
Folks, please take generic discussion to the tools list. [1]
That's where it'll have some effect.
If you're only talking about what the oauth wg ought do that's
fine, but this reads as more generic.
Thanks,
S.
[1] https://www.ietf.org/mailman/listinfo/tools-discuss
On 05/16/2013 09:44 AM, Nat
I am by no means suggesting IETF to use Vim/emacs. That is counter
productive. I was merely pointing out that one has to decide the diff
policy wisely.
I like XMLMind's XML2RFC. Too bad it became commercial product only.
Intelligent diffs would work fine. However, there have been push back to
tha
