+1 for solution 2
Regarding usage of the scope attribute: As Dick suggested, the spec
should state that the client should pass the scope attributes content to
the corresponding scope parameter in any authorization flow. Moreover, I
would suggest, clients should be allowed to combine scopes fro
'scope' shouldn't be defined as a (as it is in section 6.1
WWW-Auth header). That implies two 'scope' values should be compared as URIs --
by seeing if they identify the same resource (ie resolve to the same absolute
URI). I don't think this was intended.
Facebook, for instance, have a 'scope'
I don't recall any discussion at the level of detail that Torsten is asking
about.
My inclination would be the Client would include the what was returned in
WWW-Authenticate in the access request call.
On Tue, Jun 1, 2010 at 11:47 AM, Peter Saint-Andre wrote:
> We discussed this a bit at the int
Do you mean minutes?
The chairs are working on that, AFAIK.
/psa
On 6/1/10 1:20 PM, Torsten Lodderstedt wrote:
> is there a protocol of the interim meeting?
>
> Am 01.06.2010 20:47, schrieb Peter Saint-Andre:
>> We discussed this a bit at the interim meeting, but I don't think we
>> came to any
is there a protocol of the interim meeting?
Am 01.06.2010 20:47, schrieb Peter Saint-Andre:
We discussed this a bit at the interim meeting, but I don't think we
came to any consensus.
On 6/1/10 12:46 PM, Torsten Lodderstedt wrote:
Is there anyone who can answer my questions?
Am 30.05.2010
We discussed this a bit at the interim meeting, but I don't think we
came to any consensus.
On 6/1/10 12:46 PM, Torsten Lodderstedt wrote:
> Is there anyone who can answer my questions?
>
> Am 30.05.2010 17:56, schrieb Torsten Lodderstedt:
>> I have some questions regarding the WWW-Authenticate h
Is there anyone who can answer my questions?
Am 30.05.2010 17:56, schrieb Torsten Lodderstedt:
I have some questions regarding the WWW-Authenticate header's "scope"
attribute.
The spec states
"The "scope" attribute is a space-delimited list of URIs (relative or
absolute) indicating the req
