Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth Token Introspection" as an OAuth Working Group Item

Wed, 30 Jul 2014 00:46:25 -0700 

+1.
I've understood from what Justin said the idea is to introduce a standard way for RS to communicate to AS about the tokens issued by the AS. I think it is a good idea, I'd only not focus on the RS-to-3rd party AS communications because it complicates it a bit. 


Clearly it would be of help to implementers of OAuth2 filters protecting 
RS, having a new lengthy process to collect the cases seems to be a very 
administrative idea to me


Thanks, Sergey

On 30/07/14 03:54, Phil Hunt wrote:

-100

Phil

On Jul 29, 2014, at 17:52, Justin Richer <jric...@mit.edu
<mailto:jric...@mit.edu>> wrote:


Reading through this thread, it appears very clear to me that the use
cases are very well established by a number of existing implementers
who want to work together to build a common standard. I see no reason
to delay the work artificially by creating a use case document when
such a vast array of understanding and interest already exists. Any
use cases and explanations of applications are welcome to be added to
the working group draft as it progresses.

 -- Justin


On 7/29/2014 8:16 PM, Mike Jones wrote:


Did you consider standardizing the access token format within that
deployment so all the parties that needed to could understand it,
rather requiring an extra round trip to an introspection endpoint so
as to be able to understand things about it?

I realize that might or might not be practical in some cases, but I
haven’t heard that alternative discussed, so I thought I’d bring it up.

I also second Phil’s comment that it would be good to understand the
use cases that this is intended to solve before embarking on a
particular solution path.

-- Mike

*From:*OAuth [mailto:oauth-boun...@ietf.org] *On Behalf Of *George
Fletcher
*Sent:* Tuesday, July 29, 2014 3:25 PM
*To:* Phil Hunt; Thomas Broyer
*Cc:* oauth@ietf.org
*Subject:* Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth
Token Introspection" as an OAuth Working Group Item

We also have a use case where the AS is provided by a partner and the
RS is provided by AOL. Being able to have a standardized way of
validating and getting data about the token from the AS would make
our implementation much simpler as we can use the same mechanism for
all Authorization Servers and not have to implement one off solutions
for each AS.

Thanks,
George

On 7/28/14, 8:11 PM, Phil Hunt wrote:

    Could we have some discussion on the interop cases?

    Is it driven by scenarios where AS and resource are separate
    domains? Or may this be only of interest to specific protocols
    like UMA?

    From a technique principle, the draft is important and sound. I
    am just not there yet on the reasons for an interoperable standard.

    Phil


    On Jul 28, 2014, at 17:00, Thomas Broyer <t.bro...@gmail.com
    <mailto:t.bro...@gmail.com>> wrote:

        Yes. This spec is of special interest to the platform we're
        building for http://www.oasis-eu.org/

        On Mon, Jul 28, 2014 at 7:33 PM, Hannes Tschofenig
        <hannes.tschofe...@gmx.net
        <mailto:hannes.tschofe...@gmx.net>> wrote:

        Hi all,

        during the IETF #90 OAuth WG meeting, there was strong
        consensus in
        adopting the "OAuth Token Introspection"
        (draft-richer-oauth-introspection-06.txt) specification as an
        OAuth WG
        work item.

        We would now like to verify the outcome of this call for
        adoption on the
        OAuth WG mailing list. Here is the link to the document:
        http://datatracker.ietf.org/doc/draft-richer-oauth-introspection/

        If you did not hum at the IETF 90 OAuth WG meeting, and have
        an opinion
        as to the suitability of adopting this document as a WG work
        item,
        please send mail to the OAuth WG list indicating your opinion
        (Yes/No).

        The confirmation call for adoption will last until August 10,
        2014.  If
        you have issues/edits/comments on the document, please send these
        comments along to the list in your response to this Call for
        Adoption.

        Ciao
        Hannes & Derek


        _______________________________________________
        OAuth mailing list
        OAuth@ietf.org <mailto:OAuth@ietf.org>
        https://www.ietf.org/mailman/listinfo/oauth



        --
        Thomas Broyer
        /tɔ.ma.bʁwa.je/ <http://xn--nna.ma.xn--bwa-xxb.je/>

        _______________________________________________
        OAuth mailing list
        OAuth@ietf.org <mailto:OAuth@ietf.org>
        https://www.ietf.org/mailman/listinfo/oauth




    _______________________________________________

    OAuth mailing list

    OAuth@ietf.org  <mailto:OAuth@ietf.org>

    https://www.ietf.org/mailman/listinfo/oauth



_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth





_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth



_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth



























					Reply via email to