hart/Lexington/IBM@IBMUS,
> Cc: Prateek Mishra, IETF oauth WG
> Date: 07/19/2013 12:22 PM
> Subject: Re: [OAUTH-WG] AS associated to multiple IdPs
>
> I think most people look at this similarly to SSO account mapping. Typically
> someon
From: John Bradley
To: Todd W Lainhart/Lexington/IBM@IBMUS,
Cc: Prateek Mishra, IETF oauth WG
Date: 07/19/2013 12:22 PM
Subject: Re: [OAUTH-WG] AS associated to multiple IdPs
I think most people look thi
Prateek Mishra
> To: Todd W Lainhart/Lexington/IBM@IBMUS,
> Cc: IETF oauth WG
> Date: 07/18/2013 09:48 PM
> Subject: Re: [OAUTH-WG] AS associated to multiple IdPs
>
> Todd - doesn't the AS have adequate "scope" in
Todd W Lainhart/Lexington/IBM@IBMUS,
Cc: IETF oauth WG
Date: 07/18/2013 09:48 PM
Subject: Re: [OAUTH-WG] AS associated to multiple IdPs
Todd - doesn't the AS have adequate "scope" information to guess which
resource server the token might get delivered to? I am afraid that's a
You could pass the RS's opaque tokens and do introspection or send signed JWT
to avoid the introspection step.
There is no guarantee that the user portion of identities used to log in to your
AS will be globally unique.
You need to scope the user part to the issuer in the token you issue to the R
Todd - doesn't the AS have adequate "scope" information to guess which
resource server the token might get delivered to? I am afraid that's
about as far as the OAuth flows go in capturing the "target" of the
final request.
Couldn't the "scope" information be used by the AS to decide between
inc
This is not specifically an OAuth question per se, but there's enough
experience here from multiple domains (e.g. OIDC, UMA, SCIM) that someone
might be able to give me a pointer.
I'm considering the case where an authorization server is associated to
multiple IdPs, such that identity could com