Hi,

I support the adoption of this document as starting point for our work towards OAuth discovery.

Restating what I already posted after the last IETF meeting: It seems the document assumes the AS can always be discovered using the user id of the resource owner. I think the underlying assumption is resource servers accept access tokens of different (any?) user-specific AS (and OP)? From my perspective, RSs nowadays typically trust _the_ AS of their security domain/ecosystem and all resource owners need to have a user account with this particular AS. So I would assume the process to start at the RS. I think the spec needs to cover the latter case as well.

kind regards,
Torsten.

On 19.01.2016 at 12:48, Hannes Tschofenig wrote:
Hi all,

this is the call for adoption of OAuth 2.0 Discovery, see
https://tools.ietf.org/html/draft-jones-oauth-discovery-00

Please let us know by Feb 2nd whether you accept / object to the
adoption of this document as a starting point for work in the OAuth
working group.

Note: If you already stated your opinion at the IETF meeting in Yokohama
then you don't need to re-state your opinion, if you want.

The feedback at the Yokohama IETF meeting was the following: 19 for /
zero against / 4 persons need more information.

Ciao
Hannes & Derek



_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
