Decoding a token with a specific format wouldn't tell you whether the token is still live: it could have been revoked before its expiration.

On Jul 30, 2014 02:16, "Mike Jones" <michael.jo...@microsoft.com> wrote:
> Did you consider standardizing the access token format within that deployment so all the parties that needed to could understand it, rather than requiring an extra round trip to an introspection endpoint so as to be able to understand things about it?
>
> I realize that might or might not be practical in some cases, but I haven’t heard that alternative discussed, so I thought I’d bring it up.
>
> I also second Phil’s comment that it would be good to understand the use cases that this is intended to solve before embarking on a particular solution path.
>
> -- Mike
>
> *From:* OAuth [mailto:oauth-boun...@ietf.org] *On Behalf Of *George Fletcher
> *Sent:* Tuesday, July 29, 2014 3:25 PM
> *To:* Phil Hunt; Thomas Broyer
> *Cc:* oauth@ietf.org
> *Subject:* Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth Token Introspection" as an OAuth Working Group Item
>
> We also have a use case where the AS is provided by a partner and the RS is provided by AOL. Being able to have a standardized way of validating and getting data about the token from the AS would make our implementation much simpler as we can use the same mechanism for all Authorization Servers and not have to implement one off solutions for each AS.
>
> Thanks,
> George
>
> On 7/28/14, 8:11 PM, Phil Hunt wrote:
>
> Could we have some discussion on the interop cases?
>
> Is it driven by scenarios where AS and resource are separate domains? Or may this be only of interest to specific protocols like UMA?
>
> From a technique principle, the draft is important and sound. I am just not there yet on the reasons for an interoperable standard.
>
> Phil
>
> On Jul 28, 2014, at 17:00, Thomas Broyer <t.bro...@gmail.com> wrote:
>
> Yes. This spec is of special interest to the platform we're building for http://www.oasis-eu.org/
>
> On Mon, Jul 28, 2014 at 7:33 PM, Hannes Tschofenig <hannes.tschofe...@gmx.net> wrote:
>
> Hi all,
>
> during the IETF #90 OAuth WG meeting, there was strong consensus in adopting the "OAuth Token Introspection" (draft-richer-oauth-introspection-06.txt) specification as an OAuth WG work item.
>
> We would now like to verify the outcome of this call for adoption on the OAuth WG mailing list. Here is the link to the document: http://datatracker.ietf.org/doc/draft-richer-oauth-introspection/
>
> If you did not hum at the IETF 90 OAuth WG meeting, and have an opinion as to the suitability of adopting this document as a WG work item, please send mail to the OAuth WG list indicating your opinion (Yes/No).
>
> The confirmation call for adoption will last until August 10, 2014. If you have issues/edits/comments on the document, please send these comments along to the list in your response to this Call for Adoption.
>
> Ciao
> Hannes & Derek
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
> --
> Thomas Broyer
> /tɔ.ma.bʁwa.je/
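The point made at the top of this message, shown as an added example that is not part of the original thread or of the introspection draft: a resource server that only decodes a self-contained token keeps accepting it after the authorization server has revoked it, while an introspection call reflects the revocation. The HMAC token format, `KEY`, the `AuthorizationServer` class and its in-process `introspect()` are hypothetical stand-ins; the `active` response field follows RFC 7662.

```python
import base64, hashlib, hmac, json, secrets, time

KEY = b"constructed-demo-key"  # constructed key shared by AS and RS (assumption)

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_locally(token, now=None):
    """What the RS learns from the token alone: signature and expiry."""
    try:
        body, sig = token.split(".")
        expected = _b64(hmac.new(KEY, body.encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(sig, expected):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except (ValueError, TypeError):
        return None
    now = time.time() if now is None else now
    return claims if claims["exp"] > now else None

class AuthorizationServer:
    """Toy AS (hypothetical): issues signed tokens and tracks revocations."""
    def __init__(self):
        self.revoked = set()

    def issue(self, sub, scope, ttl=3600):
        claims = {"jti": secrets.token_hex(8), "sub": sub, "scope": scope,
                  "exp": int(time.time()) + ttl}
        body = _b64(json.dumps(claims).encode())
        return body + "." + _b64(hmac.new(KEY, body.encode(), hashlib.sha256).digest())

    def revoke(self, token):
        claims = decode_locally(token)
        if claims:
            self.revoked.add(claims["jti"])

    def introspect(self, token):
        """Stand-in for the introspection endpoint: the AS's current view."""
        claims = decode_locally(token)
        if claims is None or claims["jti"] in self.revoked:
            return {"active": False}
        return {"active": True, **claims}

def demo():
    server = AuthorizationServer()
    token = server.issue("alice", "read")
    before = (decode_locally(token) is not None, server.introspect(token)["active"])
    server.revoke(token)
    after = (decode_locally(token) is not None, server.introspect(token)["active"])
    return before, after
```

After revocation the local decode still succeeds because the signature and expiry are unchanged; only the authorization server's state differs.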