Re: [OAUTH-WG] Agenda for Atlanta Meeting

2012-10-07 Thread Zeltsan, Zachary (Zachary)
+1 Zachary -Original Message- From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Phil Hunt Sent: Saturday, October 06, 2012 2:54 PM To: Torsten Lodderstedt Cc: oauth@ietf.org WG Subject: Re: [OAUTH-WG] Agenda for Atlanta Meeting +1 Phil On 2012-10-06, at 10:07,

Re: [OAUTH-WG] Resource owner initiated OAuth delegation

2012-10-07 Thread Eve Maler
Hi Prabath, As far as I know, OAuth itself generally isn't used to let one human resource owner delegate access to a different human resource owner. However, UMA (which leverages OAuth) does strive to solve exactly this use case, among other similar ones; we call this one person-to-person

Re: [OAUTH-WG] Resource owner initiated OAuth delegation

2012-10-07 Thread Prabath Siriwardena
Hi Eve, Thanks for pointers.. I've been following the work done in UMA.. Sure.. will join the webinar... BTW .. I am not quite sure UMA addresses my use case. Even in the case of UMA it's client initiated or requestor initiated... Please correct me if I am wrong... but in OAuth specification

Re: [OAUTH-WG] Resource owner initiated OAuth delegation

2012-10-07 Thread zhou . sujing
Hi, Praba I am also thinking on this subject, and published a draft on it. http://tools.ietf.org/id/draft-zhou-oauth-owner-auth-00.txt I'd like to have your opinion. Prabath Siriwardena prab...@wso2.com From: oauth-boun...@ietf.org 2012-10-08 08:08 To Eve Maler e...@xmlgrrl.com Cc

Re: [OAUTH-WG] Resource owner initiated OAuth delegation

2012-10-07 Thread Prabath Siriwardena
Hi Zhou, Nice to see some common interest on this. Sure I will go through your proposal. Please find my proposal here [1]. I've added there the complete token flow, introducing a new grant type. [1]: http://blog.facilelogin.com/2012/10/proposal-resource-owner-initiated.html Thanks & regards,

Re: [OAUTH-WG] Resource owner initiated OAuth delegation

2012-10-07 Thread zhou . sujing
Hi, Prabath I have read your proposal, and have some questions: why RS needs to get access token in client register stage; and why RS needs to get client-id from AS by exchanging access token (isn't client-id public?) Prabath Siriwardena prab...@wso2.com 2012-10-08 09:50 To

Re: [OAUTH-WG] Resource owner initiated OAuth delegation

2012-10-07 Thread Prabath Siriwardena
Hi Zhou, Even though client_id is public that needs to be passed from the Authorization Server to the Resource Server. This does not happen in the normal OAuth flow. It only returns back the access_token. Please let me know if you need any further clarifications... Thanks & regards, -Prabath On