Interesting question.

In our specific case, we don't really *need* interop as we have a single
AS, so the protocol could be specific to our needs. Building on a standard
however means that it might be easier to find software libraries
implementing it that could be used to build apps for our platform.
Similarly: we use OpenID Connect but we could have defined our own protocol
that issues OAuth access tokens. The benefit of standards are peer reviews
(particularly of privacy and security concerns) and software libraries.

>From my PoV, this goes along with registration: you register an app to an
AS, and if the app exposes resources protected using OAuth then it can use
introspection to allow/deny access. Interop of introspection is as
necessary as interop of registration; it means an app can easily be
"portable": deployable in different environments provided they implement
introspection (and/or registration, and/or OpenID Connect, etc.)
Maybe it falls under the UMA scope more than the OAuth WG though
(registration is not enough, you also need to register "resource sets" with
their scopes).


On Tue, Jul 29, 2014 at 2:11 AM, Phil Hunt <phil.h...@oracle.com> wrote:

> Could we have some discussion on the interop cases?
>
> Is it driven by scenarios where AS and resource are separate domains? Or
> may this be only of interest to specific protocols like UMA?
>
> From a technique principle, the draft is important and sound. I am just
> not there yet on the reasons for an interoperable standard.
>
> Phil
>
> On Jul 28, 2014, at 17:00, Thomas Broyer <t.bro...@gmail.com> wrote:
>
> Yes. This spec is of special interest to the platform we're building for
> http://www.oasis-eu.org/
>
>
> On Mon, Jul 28, 2014 at 7:33 PM, Hannes Tschofenig <
> hannes.tschofe...@gmx.net> wrote:
>
>> Hi all,
>>
>> during the IETF #90 OAuth WG meeting, there was strong consensus in
>> adopting the "OAuth Token Introspection"
>> (draft-richer-oauth-introspection-06.txt) specification as an OAuth WG
>> work item.
>>
>> We would now like to verify the outcome of this call for adoption on the
>> OAuth WG mailing list. Here is the link to the document:
>> http://datatracker.ietf.org/doc/draft-richer-oauth-introspection/
>>
>> If you did not hum at the IETF 90 OAuth WG meeting, and have an opinion
>> as to the suitability of adopting this document as a WG work item,
>> please send mail to the OAuth WG list indicating your opinion (Yes/No).
>>
>> The confirmation call for adoption will last until August 10, 2014.  If
>> you have issues/edits/comments on the document, please send these
>> comments along to the list in your response to this Call for Adoption.
>>
>> Ciao
>> Hannes & Derek
>>
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
>>
>
>
> --
> Thomas Broyer
> /tɔ.ma.bʁwa.je/ <http://xn--nna.ma.xn--bwa-xxb.je/>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>


-- 
Thomas Broyer
/tɔ.ma.bʁwa.je/ <http://xn--nna.ma.xn--bwa-xxb.je/>
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to