Yes, SWT or similar was what I was looking for. But all I could find was, well, nothing, and people indicating that SWT is dead - or at least not part of OAuth.
Originally I was looking for a claims based security standard for a REST API. That's why I ended up with OAuth - but having finally figured out the inner workings of OAuth, I see that OAuth is not claims based (at least not in the token). It's only federated, which is certainly good! But I was hoping to find something for REST that SAML does for SOAP: a standard for sending claims with each request. Thanks, Jørn On Sep 1, 10:19 pm, Dick Hardt <dick.ha...@gmail.com> wrote: > There were a couple of documents that described standard access tokens. SWT > (Simple Web Token was one of those) > > The WRAP and OAuth work specifically were token agnostic. > > -- Dick > > On 2010-08-31, at 11:54 PM, Jørn Wildt wrote: > > > Thanks! So OAuth is only concerned with the actual exchange of the > > authorization token and access token - not what's in them. Further: > > it's up to the OAuth vendor to decide how it should handle those > > tokens internally. > > > For instance: When an end user grants access to something, then this > > is registered internally in the application, and when a resource > > webservice receives the access token, it looks it up in the internal > > register to see what it is valid for? The specs say nothing about what > > the webservice should do with that token. Right? > > > /Jørn > > > On Sep 1, 7:58 am, John Kristian <jmkrist...@gmail.com> wrote: > >> It's vendor specific. > > > -- > > You received this message because you are subscribed to the Google Groups > > "OAuth" group. > > To post to this group, send email to oa...@googlegroups.com. > > To unsubscribe from this group, send email to > > oauth+unsubscr...@googlegroups.com. > > For more options, visit this group > > athttp://groups.google.com/group/oauth?hl=en. > > -- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oa...@googlegroups.com. To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.