> On 26. Apr 2019, at 19:57, Brian Campbell <bcampb...@pingidentity.com> wrote:
> 
> One thing that I think is missing from the article in the discussion of pros 
> and cons is that in many cases a large or even voluminous request can be sent 
> via auto submitting form post (like 
> https://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html but the 
> other way around from client to AS with the auth request), which doesn't then 
> run into the same URI size problem. 

Thanks for pointing this out! Is the response mode often used in the wild for 
OAuth?

> 
> From a prospective standardization standpoint, there are really two distinct 
> concepts in the article. One is the "Pushed Request Object" and the other the 
> "Structured Scope". They are certainly complementary things but each could 
> also be useful and used independently of one another. So I'd argue that they 
> should be developed independently too.

I agree. I’m considering two separate drafts.

> 
> 
> 
> On Sat, Apr 20, 2019 at 12:21 PM Torsten Lodderstedt 
> <tors...@lodderstedt.net> wrote:
> Hi all, 
> 
> I just published an article about the subject at: 
> https://medium.com/oauth-2/transaction-authorization-or-why-we-need-to-re-think-oauth-scopes-2326e2038948
>   
> 
> I look forward to getting your feedback.
> 
> kind regards,
> Torsten. 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
> 
