+1 for rationalizing this! :)
On 2/7/19 10:24 AM, Hannes Tschofenig wrote:
Hi all,
after re-reading token exchange, the resource indicator, and the
ace-oauth-params drafts I am wondering whether it is really necessary
to have different functionality in ACE vs. in OAuth for basic parameters.
Imagine I use an Authorization Server and I support devices that use
CoAP and HTTP.
1. If a device uses CoAP then it has to use the req_aud parameter to
indicate to the authorization server that it wants to talk to a
specific resource server. It would either put a URI or a logical
name there.
2. If a device uses HTTP then it has to use either the resource
parameter to indicate to the authorization server that it wants to
talk to a resource server, which is identified using a URI, or the
audience parameter, if it uses a logical name.
Ciao
Hannes
IMPORTANT NOTICE: The contents of this email and any attachments are
confidential and may also be privileged. If you are not the intended
recipient, please notify the sender immediately and do not disclose
the contents to any other person, use it for any purpose, or store or
copy the information in any medium. Thank you.
_______________________________________________
Ace mailing list
a...@ietf.org
https://www.ietf.org/mailman/listinfo/ace
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
