Re: [OAUTH-WG] Tenancy in OAuth

2021-01-14 Thread Vladimir Dzhuvinov
Re: Tenancy in OAuth (Vladimir Dzhuvinov) > > > ------ > > Message: 1 > Date: Tue, 12 Jan 2021 16:13:26 -0500 > From: Justin Richer > To: Jaap Francke > Cc: "oauth@ietf.org"

Re: [OAUTH-WG] Tenancy in OAuth

2021-01-13 Thread Jaap Francke
--- Message: 1 Date: Tue, 12 Jan 2021 16:13:26 -0500 From: Justin Richer To: Jaap Francke Cc: "oauth@ietf.org" Subject: Re: [OAUTH-WG] Tenancy in OAuth Message-ID: Content-Type: text/plain; charset="utf

Re: [OAUTH-WG] Tenancy in OAuth

2021-01-12 Thread Vladimir Dzhuvinov
Hello Jaap, Justin made a good overview of the available OAuth facilities when dealing with multiple resource servers or resource server tenants. If you have control over the resource server, i.e. the token validation is going to happen in one place, then you have plenty of freedom to find out wh

Re: [OAUTH-WG] Tenancy in OAuth

2021-01-12 Thread Justin Richer
Hi Jaap, There have been a number of efforts to address this kind of thing in the OAuth world. You can definitely use a special scope to encode this value, which has the benefit of fitting into the implementation limitations of nearly all OAuth systems out there. The “resource” parameter can al

[OAUTH-WG] Tenancy in OAuth

2021-01-12 Thread Jaap Francke
Hi, I’m looking into the topic of tenancy. A multi-tenant service can be considered as an OAuth Resource Server managing resources of different tenants. An AS makes authorization decisions and communicates these using scopes, so one way would be to ‘encode’ the tenant into the scope values. Anot