In this use case RS and AS could be implemented and operated by different
providers, MTI solves the interop issue.
-Tiru
From: Bill Mills [mailto:wmills_92...@yahoo.com]
Sent: Monday, March 09, 2015 11:10 AM
To: Tirumaleswar Reddy (tireddy); Hannes Tschofenig; oauth@ietf.org
Subject: Re: [OAUTH-
Explain to me why there should be one other than the desire to over-specify?
Why is one so clearly superior to any of the various possibilities that it
should be mandated?
I do not think that there is any clearly superior mechanism and so making any
particular one MTI is pointless and just like
Hi Bill,
Can you please provide more details why mandating specific key distribution
mechanism is not appropriate especially in case of loosely coupled systems ?
-Tiru
From: Bill Mills [mailto:wmills_92...@yahoo.com]
Sent: Monday, March 09, 2015 10:27 AM
To: Tirumaleswar Reddy (tireddy); Hannes
I do not believe making any specific key distribution MTI is aproprpiate.
On Sunday, March 8, 2015 8:06 PM, Tirumaleswar Reddy (tireddy)
wrote:
Hi Hannes,
http://tools.ietf.org/html/draft-ietf-oauth-pop-architecture-01#section-5.3
discusses long-term secret shared by the authorizat
Hi Hannes,
http://tools.ietf.org/html/draft-ietf-oauth-pop-architecture-01#section-5.3
discusses long-term secret shared by the authorization server with the resource
server but does not mention the out-of-band mechanism.
In
http://tools.ietf.org/html/draft-ietf-tram-turn-third-party-authz-13#
