[OAUTH-WG] Re: Feedback on draft-jenkins-oauth-public-00

Hi Neil, I mentioned in the zulip chat that I rather like the idea of using protocol names as scopes, but that maybe you'd want them to be finer grained.On second pass, I'm wondering if it'd make sense to expose a list of supported resources & protocols for the authorization server, not just relyin

[OAUTH-WG] Re: Feedback on draft-jenkins-oauth-public-00

Hi George, Thanks for the feedback. > Section 1.1 > * is there a reason that only email address based login identifiers are > supported? It seems like this profile could be used for other use cases as > well. No, this should just be username. (It is of course likely to be an email address, bu

[OAUTH-WG] Side meeting on ALFA 2.0 this afternoon at 2pm in Tennyson

Hi everyone, One of the topics I will be presenting during the OAuth session tomorrow is ALFA 2.0. If you want learn more, feel free to join us during a side meeting this afternoon: Thanks, David 14:00 - 15:00 Tennyson ALFA 2.0 - the Abbreviated Language for Authorization

[OAUTH-WG] Re: New issue: RAR object inside a TraT

Any statement I made at meeting the other day on this topic was less an actual proposal and more just a meta comment that there might be some confusion around the term "authorization details" because it is already used extensively in RAR to mean a RAR related thing. RFC9396 uses the term "authoriza