Tony, thanks for the comments. Your timing is great, as I was just today
sitting down to polish the introspection draft into a proper WG document ready
for the last-call tomorrow. I’ve just posted the updated draft, and I think
that you’ll find it addresses your concerns. More direct answers inl
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of
the IETF.
Title : OAuth 2.0 Token Introspection
Author : Justin Richer
Filename: draft-
Hannes,
I’ve had a chance to more thoroughly re-read both the drafts and your notes, and I
think you’re actually correct about the IANA registration. We register
“client_id” and “client_secret”, even though they can’t be requested by the
client. As such, we do need to register “registration_access_
Tom,
I think this is interesting and important work as it could help more directly
bridge the gap between Kerberos deployments (more common in enterprise/LAN
environments) and the OAuth/web/mobile world.
When you get down to it, there are really two things going on here: mapping
Kerberos tick
Added more technical details and examples.
--- Begin Message ---
A new version of I-D, draft-yu-oauth-token-translation-01.txt
has been successfully submitted by Tom Yu and posted to the
IETF repository.
Name: draft-yu-oauth-token-translation
Revision: 01
Title: A Kerber
Comments
Intro
"about the authentication context", not sure what this is since there is no
authentication context in OAuth
Use of Oauth2, mixed with use of Oauth, pick one
"allows holder of a token to query" so anything/anyone that has a token can use
this endpoint?
Introspection Endpoint
Use of