Here is some late input to this thread. The UMA group had a F2F meeting on
Wednesday, for which draft minutes are written up here:
http://kantarainitiative.org/confluence/display/uma/UMA+telecon+2010-03-10
I had taken an action from the last OAuth telecon to collect UMA use cases
that related
On Fri, Mar 12, 2010 at 10:22 AM, Eve Maler e...@xmlgrrl.com wrote:
It was observed that the argument in the OAuth community about token size
seems to be related to token signing, thusly: those who are willing to
require the Authorization Server to be stateless need large meaningful
tokens and
Yes, the third-party-based non-repudiation with symmetric cryptography
is a complex thing. The way I would apply it to the Client request is
as follows:
1) The Client sends the token request, R, to the Third Party (and, you
are right, the Third Party must know who the client is, and so
Agreed that token signing is separate from message signing as a proposition. I
just happened to stick all of our signing conversations into one bucket of
notes... Sorry that was confusing.
Eve
On 12 Mar 2010, at 11:06 AM, Brian Eaton wrote:
On Fri, Mar 12, 2010 at 10:22 AM, Eve