Dear Taka, thanks for your feedback.
How would this more generic mechanism differ from the JSON-based request object? I personally would advocate to use both, structured scope & pushed request object, to together. best regards, Torsten. > Am 26.04.2019 um 09:47 schrieb Takahiko Kawasaki <t...@authlete.com>: > > Dear Torsten, > > I was impressed with your article. It describes considerations points very > well that implementers of leading-edge authorization servers will eventually > face or have already faced. > > It seems to me that the mechanism of "structured_scope" can be positioned as > a more generic mechanism whose usage doesn't necessarily have to be limited > to scopes. I mean that the mechanism can be used to include any arbitrary > dynamic structured data in an authorization request. So, if there were > something I might be able to propose additionally, I would suggest renaming > "structured_scope" to a more generic name. > > Best Regards, > Takahiko Kawasaki > Representative director, Authlete, Inc. > > 2019年4月21日(日) 3:21 Torsten Lodderstedt <tors...@lodderstedt.net>: >> Hi all, >> >> I just published an article about the subject at: >> https://medium.com/oauth-2/transaction-authorization-or-why-we-need-to-re-think-oauth-scopes-2326e2038948 >> >> >> I look forward to getting your feedback. >> >> kind regards, >> Torsten. >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
