Re: [OAUTH-WG] Recent UMA work that may inform this group's deliberations

2010-03-09 Thread Dick Hardt
On 2010-03-09, at 7:05 AM, Eve Maler wrote: > > It's a good idea to give guidance on how the scope parameter should be used. > That way, it will help avoid "abuse" of the parameter for other purposes, and > clashes if different deployments are using it in different ways. (I suspect > that th

Re: [OAUTH-WG] Recent UMA work that may inform this group's deliberations

2010-03-09 Thread Eve Maler
Thanks for your further feedback. Just a couple of comments back (eliding other portions of the thread): On 8 Mar 2010, at 2:21 PM, Dick Hardt wrote: > On 2010-03-05, at 6:57 AM, Eve Maler wrote: 2c. Currently, WRAP doesn't say anything about how to fill the scope parameter valu

Re: [OAUTH-WG] Recent UMA work that may inform this group's deliberations

2010-03-08 Thread Dick Hardt
On 2010-03-05, at 6:57 AM, Eve Maler wrote: > More below... > > On 4 Mar 2010, at 5:43 PM, Dick Hardt wrote: > >> Thanks Eve, comments inserted ... >> >> On 2010-03-04, at 12:51 PM, Eve Maler wrote: >> >>> As requested on today's call, here's a description of the places where UMA >>> seems

Re: [OAUTH-WG] Recent UMA work that may inform this group's deliberations

2010-03-05 Thread Eve Maler
More below... On 4 Mar 2010, at 5:43 PM, Dick Hardt wrote: > Thanks Eve, comments inserted ... > > On 2010-03-04, at 12:51 PM, Eve Maler wrote: > >> As requested on today's call, here's a description of the places where UMA >> seems to need "more" than what the WRAP paradigm offers (both prof

Re: [OAUTH-WG] Recent UMA work that may inform this group's deliberations

2010-03-04 Thread Eve Maler
Quick feedback... On 4 Mar 2010, at 5:42 PM, Dick Hardt wrote: > Hi Eve > > Looking at the WRAP oriented comments in the spec, here are some comments / > questions: > > Note > WRAP doesn't seem to say HTTPS is required for the user authorization URL; is > this a bug in the WRAP spec? If not,

Re: [OAUTH-WG] Recent UMA work that may inform this group's deliberations

2010-03-04 Thread Dick Hardt
Thanks Eve, comments inserted ... On 2010-03-04, at 12:51 PM, Eve Maler wrote: > As requested on today's call, here's a description of the places where UMA > seems to need "more" than what the WRAP paradigm offers (both profiling and > extending), based on the proposal at: > > http://kantarai

Re: [OAUTH-WG] Recent UMA work that may inform this group's deliberations

2010-03-04 Thread Dick Hardt
Hi Eve Looking at the WRAP oriented comments in the spec, here are some comments / questions: Note WRAP doesn't seem to say HTTPS is required for the user authorization URL; is this a bug in the WRAP spec? If not, is it a good idea for us to profile it in this way? Finally, is this the right p

Re: [OAUTH-WG] Recent UMA work that may inform this group's deliberations

2010-03-04 Thread Eve Maler
As requested on today's call, here's a description of the places where UMA seems to need "more" than what the WRAP paradigm offers (both profiling and extending), based on the proposal at: http://kantarainitiative.org/confluence/display/~xmlg...@idp.protectnetwork.org/Proposal+for+UMA+1.0+Core+P

[OAUTH-WG] Recent UMA work that may inform this group's deliberations

2010-03-04 Thread Eve Maler
Folks may be interested to see the following experiment being performed in the UMA group: http://kantarainitiative.org/confluence/display/~xmlg...@idp.protectnetwork.org/Proposal+for+UMA+1.0+Core+Protocol This is a proposal for a spec that uses a WRAP-friendly approach to solving our use cases.