Re: [OAUTH-WG] A proposal for a new Internet Draft

2023-04-03 Thread Clinton Bunch
I was under the impression from my reading of the spec that scopes were only ever intended as coarse-grained authorizations. I would not expect the AS to control finer-grained access as that would require intimate knowledge of the contents of the resource server. (For example, what calendars

Re: [OAUTH-WG] A proposal for a new Internet Draft

2023-04-03 Thread Kai Lehmann
My company intends to add OAuth2 support for its groupware services (mail - imap/pop3/smtp, calendar, and contacts). We are “big enough” to have specific configurations in common groupware clients like Thunderbird and Outlook. Although we do not yet allow 3rd party AS, this may change in the

Re: [OAUTH-WG] OAuth 2.0 Proof-of-Possession (PoP) Security Architecture

2023-04-03 Thread Hannes Tschofenig
Hi Daniel, from the history of the group I think it is fair to say that we can guarantee that there will be further work on this topic. The reason why I agree with Nat is that neither DPoP nor MTLS paint the bigger picture. Ciao Hannes On 03.04.2023 at 09:20, Daniel Fett wrote: Hi

Re: [OAUTH-WG] OAuth 2.0 Proof-of-Possession (PoP) Security Architecture

2023-04-03 Thread Daniel Fett
Hi Nat, after reading through the PoP architecture document again, my impression is that this document had a lot of value before MTLS and DPoP came along. But when thinking about what an updated version could look like, and considering that it is unlikely for the moment that many other PoP