A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol WG of the IETF.
Title : OAuth 2.0 Device Flow for Browserless and Input
Constrained Devices
Authors : William Denniss
We have discussed this.
Audiences can certainly be logical identifiers.
This however is a more specific location. The AS is free to map the
location into some abstract audience in the AT.
From a security point of view once the client starts asking for logical
resources it can be tricked int
Hi Vittorio,
The text you quoted is copied form the abstract of the draft itself.
*Authors,*
Should the draft be updated to cover the logical identifier case?
Regards,
Rifaat
On Thu, Jan 17, 2019 at 8:19 AM Vittorio Bertocci
wrote:
> Hi Rifaat,
> one detail. The tech summary says
>
> An e
Hi Rifaat,
one detail. The tech summary says
An extension to the OAuth 2.0 Authorization Framework defining request
parameters that enable a client to explicitly signal to an authorization server
about the *location* of the protected resource(s) to which it is requesting
access.
But at least in t
