On Fri, Jun 4, 2010 at 8:23 AM, Justin Richer <jric...@mitre.org> wrote:
> > We should solve one problem at a time. It's easy to layer structure > > on top of an opaque blob in a separate spec. > > +1 to this. Token structure seems like a nice idea, but it's outside > what should be dictated by the OAuth spec. We want people to be able to > use OAuth to shuttle their existing tokens around, or create hexblobs > that mean nothing to anyone else, or encode 37 fields in a structured > format that's signed with a private key, or whatever else they want to > do, and still have all of that be OAuth. If someone wants to say "we use > OAuth and our tokens are UberTokens so they're compatible with everyone > else", that's fine; but you should be fully able to do OAuth without > adding *any* structure to your tokens whatsoever. Token format has been out of scope of WRAP and OAuth 2.0. A separate spec defining standard tokens has been discussed. Luke was commenting on not supporting multiple AS. That *IS* in scope and was a design objective and *IS* being implemented. -- DIck >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
