[OAUTH-WG] UMA Resource Set Registration

2015-11-05 Thread Justin Richer
As brought up in the F2F today in Yokohama, the UMA Resource Set Registration document is here: https://docs.kantarainitiative.org/uma/draft-oauth-resource-reg.html The ID has expired and is out of sync with the Kantara document. — Justin

Re: [OAUTH-WG] UMA Resource Set Registration

2015-11-05 Thread Phil Hunt
I am thinking that the API management perspective might be very different than UMA's. E.g., we want to automatically register resource servers to be managed and negotiate token format and introspection. Today this is all done manually both when installing and when packaging software for distributi

Re: [OAUTH-WG] UMA Resource Set Registration

2015-11-05 Thread Erik Wahlström
The concepts of resource registration are also very important when it comes to IoT so I think we will get there soon enough. / Erik > On 05 Nov 2015, at 09:35, Phil Hunt wrote: > > I am thinking that the api management perspective might be very different > than UMAs. Eg we want to automatically

Re: [OAUTH-WG] Sharing a client_id: is it good or bad ?

2015-11-05 Thread Sergey Beryozkin
Hi John, and Jim Thanks for the feedback On 04/11/15 22:20, John Bradley wrote: For a native app you can have one clientID and no secret (same as having one secret for all of them) or you can use dynamic client registration to give each one a separate client_id and secret. The middle ground i

Re: [OAUTH-WG] Sharing a client_id: is it good or bad ?

2015-11-05 Thread Sergey Beryozkin
Hi John On 05/11/15 11:09, Sergey Beryozkin wrote: Hi John, and Jim Thanks for the feedback On 04/11/15 22:20, John Bradley wrote: For a native app you can have one clientID and no secret (same as having one secret for all of them) or you can use dynamic client registration to give each one a s

Re: [OAUTH-WG] WGLC for draft-ietf-oauth-jwsreq-06

2015-11-05 Thread Mike Jones
My slightly late WGLC review follows... SUBSTANTIVE ISSUES: Section 3, paragraph 8: Change "extension variables such as "nonce", "userinfo", and "id_token"" to "extension parameters such as "nonce", "max_age", and "claims"". ("userinfo" and "id_token" are values within the "claims" extension

Re: [OAUTH-WG] Proof-of-Possession Key Semantics for JWTs spec addressing final shepherd comment

2015-11-05 Thread Chuck Mortimore
The spec is very clear for most cases, but I think it could use some guidance on nested JWTs. (Or perhaps I've got the approach wrong.) Here's the use-case: We have devices that are self-issuing keys. Via token exchange, we're going to accept a self-signed JWT from the device that includes a

[OAUTH-WG] Your Review of the Native Apps Draft

2015-11-05 Thread Hannes Tschofenig
I just checked the minutes from the Prague IETF meeting and noticed that Tony, Brian, Erik, Nat, and Eduardo promised to review the native apps draft and post their review comments to the list. Could you please do your reviews? Ciao Hannes