Re: [OAUTH-WG] Audience parameter in authorization flow

2013-08-21 Thread Phil Hunt
the audience being >>> part of the restrictions for "act as" or "on behalf of" support >>> >>> -Original Message- >>> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of >>> Hannes Tschofenig

Re: [OAUTH-WG] Audience parameter in authorization flow

2013-08-21 Thread Justin Richer
.org] On Behalf Of Hannes Tschofenig Sent: Wednesday, August 21, 2013 9:41 AM To: Phil Hunt Cc: Subject: Re: [OAUTH-WG] Audience parameter in authorization flow That's certainly true although the referenced document did not talk about the registration phase but rather about the time when the

Re: [OAUTH-WG] Audience parameter in authorization flow

2013-08-21 Thread Phil Hunt
ent: Wednesday, August 21, 2013 9:41 AM > To: Phil Hunt > Cc: > Subject: Re: [OAUTH-WG] Audience parameter in authorization flow > > That's certainly true although the referenced document did not talk about the > registration phase but rather about the time when the cl

Re: [OAUTH-WG] Audience parameter in authorization flow

2013-08-21 Thread Anthony Nadalin
g [mailto:oauth-boun...@ietf.org] On Behalf Of Hannes Tschofenig Sent: Wednesday, August 21, 2013 9:41 AM To: Phil Hunt Cc: Subject: Re: [OAUTH-WG] Audience parameter in authorization flow That's certainly true although the referenced document did not talk about the registration phase but rathe

Re: [OAUTH-WG] Audience parameter in authorization flow

2013-08-21 Thread Hannes Tschofenig
That's certainly true although the referenced document did not talk about the registration phase but rather about the time when the client talks to the authorization server to obtain an access token. Maybe UMA has provided a story for this already... On 08/21/2013 06:35 PM, Phil Hunt wrote: T

Re: [OAUTH-WG] Audience parameter in authorization flow

2013-08-21 Thread Phil Hunt
This could be bound up in the client registration process since oauth clients don't authorize for random "targets". Phil @independentid www.independentid.com phil.h...@oracle.com On 2013-08-21, at 9:30 AM, "Tschofenig, Hannes (NSN - FI/Espoo)" wrote: > Hi Sergey, > > The idea of the

Re: [OAUTH-WG] Audience parameter in authorization flow

2013-08-21 Thread Tschofenig, Hannes (NSN - FI/Espoo)
Hi Sergey, The idea of the audience was to provide a way for the client to indicate the resource server it wants to talk to explicitly rather than overloading the scope field. We certainly need that capability for the MAC token work. The audience information is provided when the client intera

Re: [OAUTH-WG] Audience parameter in authorization flow

2013-08-19 Thread Sergey Beryozkin
Hi, Thanks for the feedback, On 19/08/13 17:09, Justin Richer wrote: Both of those make sense to me, and it mimics what "scope" does today. Namely, clients can usually register for a list of scopes that they want access to, then at authorization time they ask for a particular set to be approved