Thanks Brian!
I suggest to put a Note: in front of the last paragraph to indicate it is
additional infomercial.
WDYT?
> On 03.09.2020 at 02:29, Justin Richer wrote:
>
> Nice work, Brian. Looks good to me!
>
> From: Brian Campbell [bcampb...@pingiden
> Token introspection is an optional feature primarily intended for clients
No.
The abstract of RFC 7662 (OAuth Introspection) starts:
This specification defines a method for a protected resource to query
an OAuth 2.0 authorization server to determine the active state of an
OAuth 2.0 to
Nice work, Brian. Looks good to me!
From: Brian Campbell [bcampb...@pingidentity.com]
Sent: Wednesday, September 2, 2020 3:41 PM
To: Justin Richer
Cc: Takahiko Kawasaki; Torsten Lodderstedt; oauth
Subject: Re: [OAUTH-WG] WGLC Review of PAR
Thanks Torsten,
Thanks Torsten, Taka, and Justin,
I took the revised text from Justin and tweaked it with some typo cleanup
and minor adjustments to make what is hopefully a final proposal below. I
had a similar feeling about the last paragraph not really fitting but don't
have a better location to suggest so am
I agree, "limited access" makes sense. I am happy to create a PR, if required.
Current wording is:
The OAuth 2.1 authorization framework enables a*n* *third-party*
application to obtain limited access to an HTTP service, either on
behalf of a resource owner by orchestrating an approval inter
The real conflict here is with the BCP and 2.1, both of which adopt the
stricter matching semantics for redirect URIs than 6749 does on its own. This
section would be needed to clarify how they relate to each other. That said, I
think adding some of Taka’s observations to Torsten’s text wouldn’t
I’m not sure that adding this amount of text to the privacy considerations
section is appropriate for an errata. If we wanted to do this, I believe we’d
need to do a new revision of 7662.
— Justin
> On Sep 2, 2020, at 4:39 AM, Denis wrote:
>
> Hi Ben,
>
> This new thread, i.e. "Towards an RF
> On 2. Sep 2020, at 05:58, William Denniss
> wrote:
>
> +1 to drop the "third party", there are valid first party use-cases.
>
> On the subject, in first party cases the access may not be all that
> "limited", I wonder if it should read more generically "an application to
> obtain access to
Hi Ben,
This new thread, i.e. "Towards an RFC Errata to RFC 7662 ?" is used to
discuss one of the topics raised in:
Last Call: (JWT
Response for OAuth Token Introspection) to Proposed Standard
Only the text relevant to this topic has been left.
The text that has been discussed and polished w