Eve,
A number of us want to hold a session on the Tuesday of IIW to discuss the
various options that people have built.
UMA is one of the more advanced ones, but we also have Ping, MITRE, AOL, and
others.
There is a fair amount of overlap between them.
If the AS RS work is not included in t
Once again, you may want to look at the UMA core I-D to see how it defines an
AS/RS interface:
http://tools.ietf.org/html/draft-hardjono-oauth-umacore-04
(see particularly Section 3.3)
It uses what is by now a very common token introspection pattern to have the RS
get the AS's crucial help in v
Hi Justin,
In my opinion, the OpenID Connect introspection/checkid endpoint is a
convenience function for clients (not resource servers) unable to
decrypt id tokens and validate their signatures. I'm not convinced this
function is needed, that's why I proposed to drop it.
The AS-PR endpoint
Some of the use cases I have discussed with people also involve returning SAML
tokens in the response for dealing with some existing systems.
In principle if the RS is authenticated to the AS (perhaps with OAuth) then
the correct response format RS can be provided.
We need to decide what p
I think we might be crossing wires about input to the token
introspection endpoint vs. output from it.
In OpenID Connect, you send a JWT in, and get back a JSON object that
represents the Claims bit of the JWT.
In our implementation (and I think both Ping and AOL's), you send in an
arbitrary
Hi Justin,
I referred to the data format used at the AS-PR interface. According to
your description, you use JSON objects there. What data does such an
object contain? Is this any different from a JSON Web Token (leaving
aside digital signatures and encryption)?
regards,
Torsten.
Am 18.04.20
Not all implementations in the field that do this are using JWTs as the
tokens. Ours in particular used a random blob with no structured
information in it. The endpoint returned a JSON object.
-- Justin
On 04/18/2012 03:53 PM, Torsten Lodderstedt wrote:
Hi all,
is there enough experience in
Hi all,
is there enough experience in the field with such an interface to
standardize it?
I would expect such an endpoint to return the same payload, which is
carried in a JSON Web Token. So once we designed the JSON Web Tokens
content, designing the AS-PR interface could be the next logical
OK, but with SWD and discovery off the table, can this now be
considered to be within that manageable number instead?
We wanted to keep the # of WG items to approximately 5. Once we finish
some of these items and get them off our plate we could roll new items
onto the plate, theoretically.
Justin Richer writes:
> OK, but with SWD and discovery off the table, can this now be
> considered to be within that manageable number instead?
We wanted to keep the # of WG items to approximately 5. Once we finish
some of these items and get them off our plate we could roll new items
onto the
The Ping doc was sent a while back on a different thread about
re-charting: http://www.ietf.org/mail-archive/web/oauth/current/msg08607.html
I should probably have my people (aka Paul) submit it as an actual I-D?
On Sat, Apr 14, 2012 at 8:25 AM, John Bradley wrote:
> There is a Ping document. I
There is a Ping document. I was talking to openAM/ForgeRock today about a
similar endpoint they are working on.
Justin can submit his and I will look for the others.
John B.
Sent from my iPhone
On 2012-04-14, at 2:28 PM, "Tschofenig, Hannes (NSN - FI/Espoo)"
wrote:
>
> OK, but
: Mike Jones
Cc: oauth@ietf.org WG
Subject: Re: [OAUTH-WG] Updated Charter to the IESG (this weekend)
OK, but with SWD and discovery off the table, can this now be considered
to be within that manageable number instead?
-- Justin
On 04/13/2012 01:10 PM, Mike Jones wrote:
> Yes, there was
rg WG
Subject: Re: [OAUTH-WG] Updated Charter to the IESG (this weekend)
Did the "Introspection Endpoint" or "Methods for connecting a PR to an AS" get
dropped? There seemed to be interest in the list in coming up with a generally applicable scheme,
or set of schemes, to do this, a
-boun...@ietf.org] On Behalf Of
Justin Richer
Sent: Friday, April 13, 2012 10:02 AM
To: Hannes Tschofenig
Cc: oauth@ietf.org WG
Subject: Re: [OAUTH-WG] Updated Charter to the IESG (this weekend)
Did the "Introspection Endpoint" or "Methods for connecting a PR to an AS" get
dr
Did the "Introspection Endpoint" or "Methods for connecting a PR to an
AS" get dropped? There seemed to be interest in the list in coming up
with a generally applicable scheme, or set of schemes, to do this, and
there is certainly no shortage of starting points. Both AOL and Ping
have their ow
/.
-- Mike
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Igor
Faynberg
Sent: Thursday, April 12, 2012 9:58 AM
To: oauth@ietf.org
Subject: Re: [OAUTH-WG] Updated Charter to the IESG (this weekend)
Hannes,
I
Hannes,
I took a look (a bit longer than just "quick"), and what I see
completely coincides with my understanding of the result of the discussions.
Good job!
Igor
On 4/12/2012 6:55 AM, Hannes Tschofenig wrote:
Hey guys
based on the discussion before, during, and after the Paris IETF meetin
Hi Hannes, do you mean 'discover relevant OAuth endpoints *for* a
resource server'? ie instead of discovering the RS itself?
On 4/12/12 6:55 AM, Hannes Tschofenig wrote:
Hey guys
based on the discussion before, during, and after the Paris IETF meeting I am
going to send the following updated
With the exception of SWD which is still being discussed, this looks good.
EH
On Apr 12, 2012, at 6:55, "Hannes Tschofenig" wrote:
> Hey guys
>
> based on the discussion before, during, and after the Paris IETF meeting I am
> going to send the following updated charter / milestones to the IE
Hey guys
based on the discussion before, during, and after the Paris IETF meeting I am
going to send the following updated charter / milestones to the IESG.
Please have a quick look (till the end of the week) to double-check the content
(particularly the suggested milestone dates):
--