FYI: I have just submitted the OAuth2.0 Token Introspection
specification to the IESG.
Here is the shepherd writeup:
http://datatracker.ietf.org/doc/draft-ietf-oauth-introspection/shepherdwriteup/
signature.asc
Description: OpenPGP digital signature
ion.
What about the Audience restricted tokens, do you expect the endpoint to ignore
this and process the tokens for metadata ?
From: Justin Richer [mailto:jric...@mit.edu]
Sent: Monday, December 1, 2014 4:42 PM
To: Anthony Nadalin
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] draft-ietf-oauth-
> From: Justin Richer [mailto:jric...@mit.edu]
> Sent: Sunday, November 30, 2014 6:57 PM
> To: Anthony Nadalin
> Cc: oauth@ietf.org
> Subject: Re: [OAUTH-WG] draft-ietf-oauth-introspection
>
> Tony, thanks for the comments. Your timing is great, as I was just today
>
ot;active" is supposed to mean so folks get
the same results on different endpoints
From: Justin Richer [mailto:jric...@mit.edu]
Sent: Sunday, November 30, 2014 6:57 PM
To: Anthony Nadalin
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] draft-ietf-oauth-introspection
Tony, thanks for the commen
Tony, thanks for the comments. Your timing is great, as I was just today
sitting down to polish the introspection draft into a proper WG document ready
for the last-call tomorrow. I’ve just posted the updated draft, and I think
that you’ll find it addresses your concerns. More direct answers inl
Comments
Intro
"about the authentication conext", not sure what this is since there is no
authentication context in Oauth
Use of Oauth2, mixed with use of Oauth, pick one
"allows holder of a token to query" so anything/anyone that has a token can use
this endpoint?
Introspection Endpoint
Use of
