There's a new working group document where this component *could* be captured (and I would argue it should), and that's:
https://tools.ietf.org/wg/oauth/draft-ietf-oauth-token-exchange/ However, at the moment it's more concerned with the semantically-aware assertion swap instead of an opaque token swap. Personally, I think that the syntax should be general (like in my and in Phil's draft) to allow for any kind of input and output token, and if someone wants to standardize an assertion on top of that, they can. Hopefully we can get that clear in the WG as progress continues on this new document. -- Justin On Nov 3, 2014, at 2:54 PM, Ajanta Adhikari <ajanta.adhik...@gmail.com<mailto:ajanta.adhik...@gmail.com>> wrote: Note sure if I can reply to the mailing list yet so responding directly. ----------------------------------------------------------------------------------------- Bas, We (Akamai) came up with a similar design before I read the draft from Justin and Phil. I talked to Justin at IIW about our design choice and he seems to think its in the right direction. There is a reference to it from our OAUTH scope design session at IIW http://iiw.idcommons.net/OAuth_2_Scope_Design_Discuss_iom I would be happy to share additional details if you are interested. We do not publish our implementation to public. Thanks, Ajanta On Mon, Nov 3, 2014 at 3:02 AM, Bas Zoetekouw <bas.zoetek...@surfnet.nl<mailto:bas.zoetek...@surfnet.nl>> wrote: Hi All, For a client of ours, I am looking into OAuth token redelegation from one RS to another. I've found two drafts that more or less describe the scenario they want to implement: https://tools.ietf.org/html/draft-richer-oauth-chain-00 and http://tools.ietf.org/html/draft-hunt-oauth-chain-01 Could anyone comment on the status of those? In particular I'ld be interested in hearing whether anyone is using either of those specs in practice, and whether there is any progress on the drafts. Best regards, Bas Zoetekouw. SURFnet. -- Bas Zoetekouw SURFnet Advanced Services Tel: +31 30 2305362<tel:%2B31%2030%202305362> Fax: +31 30 2305329<tel:%2B31%2030%202305329> SURFnet - POBox 19035 - NL-3501 DA Utrecht - The Netherlands _______________________________________________ OAuth mailing list OAuth@ietf.org<mailto:OAuth@ietf.org> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth