There's no reason why it can't be resource owner today.
On Dec 3, 2012, at 6:06 PM, <zhou.suj...@zte.com.cn<mailto:zhou.suj...@zte.com.cn>> <zhou.suj...@zte.com.cn<mailto:zhou.suj...@zte.com.cn>> wrote: +1. And why it was not looked at that time? oauth-boun...@ietf.org<mailto:oauth-boun...@ietf.org> 写于 2012-12-04 01:30:55: > Actually, I think it is a good time to start looking at the resourse > owner issuing assertions@ (Interestingly enough, Hui-Lan had brought > this up a couple of years ago.) > > Igor > > On 12/3/2012 3:58 AM, Nat Sakimura wrote: > I suppose, yes. I was reading it like that all the time. > Whether it is or not, if it is still ok, it might be better to clarify it. > Word like "third party" tends to be a bit of problem without clearlydefining. > I had similar experience in other fora. > > Nat > > Sent from iPad > > 2012/12/03 0:52、"zhou.suj...@zte.com.cn<mailto:zhou.suj...@zte.com.cn>" > <zhou.suj...@zte.com.cn<mailto:zhou.suj...@zte.com.cn>> の > メッセージ: > > could be Resource owner? > > > "Tschofenig, Hannes (NSN - FI/Espoo)" > <hannes.tschofe...@nsn.com<mailto:hannes.tschofe...@nsn.com>> > 发件人: oauth-boun...@ietf.org<mailto:oauth-boun...@ietf.org> > 2012-12-03 16:49 > > 收件人 > > "ext Nat Sakimura" <sakim...@gmail.com<mailto:sakim...@gmail.com>>, "Brian > Campbell" < > bcampb...@pingidentity.com<mailto:bcampb...@pingidentity.com>>, "oauth" > <oauth@ietf.org<mailto:oauth@ietf.org>> > > 抄送 > > 主题 > > Re: [OAUTH-WG] Assertion Framework - Why does issuer have to be > either the client or a third party token service? > > > > > Hi Nat, > > The current text essentially says that the assertion can either be > created by the client (in which case it is self-signed) or it can be > created by some other entity (which is then called the third party > token service). So, this third party could be the authorization server. > > Ciao > Hannes > > > From: oauth-boun...@ietf.org<mailto:oauth-boun...@ietf.org> > [mailto:oauth-boun...@ietf.org] On Behalf Of > ext Nat Sakimura > Sent: Monday, December 03, 2012 10:35 AM > To: Brian Campbell; oauth > Subject: [OAUTH-WG] Assertion Framework - Why does issuer have to be > either the client or a third party token service? > > Hi Brian, > > > The assertion framework defines the Issuer as: > > Issuer The unique identifier for the entity that issued the > assertion. Generally this is the entity that holds the key > material used to generate the assertion. The issuer may be either > an OAuth client (when assertions are self-issued) or a third party > token service. > > I was wondering why it has to be either the client or a third party > token service. > Conceptually, it could be any token service (functionality) residingin any of > > the stakeholders (Resource Owner, OAuth Client, Authorization Server, or > a third party). > > > I would appreciate if you could clarify why is the case. > > > Best, > > -- > Nat Sakimura (=nat) > Chairman, OpenID Foundation > http://nat.sakimura.org/ > @_nat_en > _______________________________________________ > OAuth mailing list > OAuth@ietf.org<mailto:OAuth@ietf.org> > https://www.ietf.org/mailman/listinfo/oauth > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org<mailto:OAuth@ietf.org> > https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ > OAuth mailing list > OAuth@ietf.org<mailto:OAuth@ietf.org> > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org<mailto:OAuth@ietf.org> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
