Hello Ludwig,

This is UMA. The ticket is a way for the RS to register the client’s request with
the AS, giving it the ability to communicate other scopes etc. related to
the request.

The client presents the ticket to the AS to obtain an access token. (So the ticket is
not an access token.)

I brought the UMA ticket up to respond to Jim’s original question of:
“Jim is suggesting to add hints to the audience and scope the resource
server expects for accessing this resource.”

The ticket is a reference to the audience/scopes the RS communicated to the AS with
respect to the request.

I already touched upon the feasibility of this in ACE given that the RS and AS
may not always be connected.

More info:
https://docs.kantarainitiative.org/uma/wg/oauth-uma-federated-authz-2.0-08.html#permission-endpoint

Thanks,


On Monday, November 6, 2017, Ludwig Seitz <ludwig.se...@ri.se> wrote:

> On 2017-11-05 18:37, Cigdem Sengul wrote:
>
>> In the case of the rogue requestor being the client, it does not have
>> visibility into what is included in the permission ticket (the ticket is a
>> reference returned by the RS to be presented at the AS). It may DoS the RS with
>> requests, for which the RS may implement a solution like rate limiting (not
>> described in UMA).
>>
>> The AS API for the RS is protected via an OAuth2 token (PAT), which the RS must
>> present for permission registration (as well as for other functions). This
>> PAT allows the AS to map the RS’s request to a particular RO. The RS can only ask for
>> permissions for the resources and scopes it already registered with the AS.
>>
>> Hope I was able to clarify.
>>
>> Thanks,
>> —Cigdem
>>
>>
> Just for even more clarity: What you (or is it UMA?) call ticket is
> equivalent to the OAuth access tokens?
>
> /Ludwig
>
> --
> Ludwig Seitz, PhD
> Security Lab, RISE SICS
> Phone +46(0)70-349 92 51
>
> _______________________________________________
> Ace mailing list
> Ace@ietf.org
> https://www.ietf.org/mailman/listinfo/ace
>