On Wed, Oct 23, 2013 at 8:37 PM, Eve Maler <e...@xmlgrrl.com> wrote: > Hi Thomas-- You may want to take a look at UMA, which leverages both OAuth > and Justin's token introspection draft. Token introspection on its own is a > "shallow" kind of loose coupling between authorization servers and resource > servers. If these are operated by different organizations, as appears to be > the case for you, then "deep" loose coupling may be need to answer > questions about how the AS and RS onboard and establish trust with each > other. UMA provides one set of answers for how to do this. You can find > more info at http://tinyurl.com/umawg. >
There are interesting concepts in UMA. In our case though, AS, PR and Clients are all operated by different organizations, but we do have "strong coupling" between them (a central registry of PRs and Clients). Thanks anyway.
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
