+1 for a list of use cases :)
On 3/17/16 2:30 AM, Nat Sakimura wrote:
A disadvantage of this method is that it cannot be used in the case
where concrete resource uri is unknown to the client until the user
gives permission.
Right, this is a different use case. That’s why we need a use-case
driven Requirement document to start with.
Nat
*From:*OAuth [mailto:oauth-boun...@ietf.org] *On Behalf Of *John Bradley
*Sent:* Wednesday, March 16, 2016 2:57 AM
*To:* Brian Campbell <bcampb...@pingidentity.com>
*Cc:* <oauth@ietf.org> <oauth@ietf.org>
*Subject:* Re: [OAUTH-WG] New Version Notification for
draft-hunt-oauth-bound-config-00.txt
(..snip..)
The advantage of always sending it in the token request is that it
allows the AS to do the mapping from a resource URI to one or more
abstract audience for the token.
That might help address George’s concern.
John B.
--
PLEASE READ :This e-mail is confidential and intended for the
named recipient only. If you are not an intended recipient,
please notify the sender and delete this e-mail.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth