Re: [OAUTH-WG] Out-of-band code delivery and alternate redirect_uri schemes

2012-10-10 Thread Torsten Lodderstedt
So you assume to use resource owner's address? Regards, Torsten. Pedro Felix wrote: > > >> Hi Pedro, >> >> On 10.10.2012 16:25, Pedro Felix wrote: >>> 1) Out-of-band code transmission >>> >>> Currently Google OAuth2 implementation uses the special >"urn:ietf:wg:oauth:2.0:oob" to signal

Re: [OAUTH-WG] Resource owner initiated OAuth delegation

2012-10-10 Thread Eve Maler
Ah, right. I think I got this more correct in my initial post than in this last one. Here's how I'd address this: RO Alice controls the access by client/requester Bob by virtue of consenting at access token issuance time in Prabath's proposal, vs. setting policies that direct an online service t

Re: [OAUTH-WG] Resource owner initiated OAuth delegation

2012-10-10 Thread zhou . sujing
Hi, Eve, The requester you described corresponds to Client in OAuth, so it is still client initiated delegation, not what Prabath wants. Eve Maler 2012-10-11 06:54 To Prabath Siriwardena Cc zhou.suj...@zte.com.cn, "oauth@ietf.org WG" Subject Re: [OAUTH-WG] Resource owner initiated OAuth de

Re: [OAUTH-WG] Resource owner initiated OAuth delegation

2012-10-10 Thread Eve Maler
Sure. We'll ultimately be publishing some case studies that will hopefully make this clearer, but the key place to start in the spec is here: http://docs.kantarainitiative.org/uma/draft-uma-core.html#r-h-attempt-access " The requester typically attempts to access the desired resource at the

Re: [OAUTH-WG] Out-of-band code delivery and alternate redirect_uri schemes

2012-10-10 Thread Pedro Felix
> Hi Pedro, > > On 10.10.2012 16:25, Pedro Felix wrote: >> 1) Out-of-band code transmission >> >> Currently Google OAuth2 implementation uses the special >> "urn:ietf:wg:oauth:2.0:oob" to signal the Authorization Endpoint to return >> an HTML page with the code, instead of a redirect. At fi

Re: [OAUTH-WG] Resource owner initiated OAuth delegation

2012-10-10 Thread Prabath Siriwardena
Hi Eve, I have gone through UMA spec but failed to find any case which covers this scenario - in a resource owner initiated manner.. Can you please give some pointers..? Thanks & regards, -Prabath On Wed, Oct 10, 2012 at 3:20 PM, Eve Maler wrote: > There are a number of implicit actions happe

Re: [OAUTH-WG] Resource owner initiated OAuth delegation

2012-10-10 Thread Eve Maler
There are a number of implicit actions happening here that ideally should be accounted for. If Alice is the RO and Bob is operating the client, then when Bob accesses the protected resource it may not just be "on Alice's behalf" -- think of how people share calendar read/write access with other

Re: [OAUTH-WG] Out-of-band code delivery and alternate redirect_uri schemes

2012-10-10 Thread Torsten Lodderstedt
Hi Pedro, On 10.10.2012 16:25, Pedro Felix wrote: 1) Out-of-band code transmission Currently Google OAuth2 implementation uses the special "urn:ietf:wg:oauth:2.0:oob" to signal the Authorization Endpoint to return an HTML page with the code, instead of a redirect. At first sight, it seems

[OAUTH-WG] UMA Webinar on Oct 17th

2012-10-10 Thread Thomas Hardjono
FYI folks, There will be a free webinar on UMA in Higher Education on October 17th 2012. Info below. /thomas/ Webinar on UMA and Higher Education on Wednesday, October 17 Our next webinar is scheduled for Oct 17 at 8am PT! The topic is UMA and Higher Educ

Re: [OAUTH-WG] FW: New Version Notification for draft-ietf-oauth-use-cases-02.txt

2012-10-10 Thread Zeltsan, Zachary (Zachary)
Thank you, Barry and Mike: I will make changes for the next version. Zachary -Original Message- From: barryleiba.mailing.li...@gmail.com [mailto:barryleiba.mailing.li...@gmail.com] On Behalf Of Barry Leiba Sent: Wednesday, October 10, 2012 12:46 PM To: Zeltsan, Zachary (Zachary) Cc: oau

Re: [OAUTH-WG] FW: New Version Notification for draft-ietf-oauth-use-cases-02.txt

2012-10-10 Thread Barry Leiba
> Particularly, the authors are looking for advice with the use of the example > URLs. Following the guidance of RFC 2606, > > we have used “example” as the top level domain name (e.g., example.com). > This may mislead readers into thinking that all URLs belong to the same > organization. A general

Re: [OAUTH-WG] FW: New Version Notification for draft-ietf-oauth-use-cases-02.txt

2012-10-10 Thread Mike Jones
You can use example.com, example.org, and example.net, if you think that would help. We do that in the OpenID Connect specifications. -- Mike From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Zeltsan, Zachary (

[OAUTH-WG] FW: New Version Notification for draft-ietf-oauth-use-cases-02.txt

2012-10-10 Thread Zeltsan, Zachary (Zachary)
On behalf of the co-authors I have posted the draft. The main changes in the -02 version are the following: · Removal of the use case on re-delegation. (The case is too far from the present OAuth 2.0) · Clarification of the use case Device · Addition of a note for eac

[OAUTH-WG] I-D Action: draft-ietf-oauth-use-cases-02.txt

2012-10-10 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol Working Group of the IETF. Title : OAuth Use Cases Author(s) : George Fletcher Torsten Loddersted

[OAUTH-WG] Out-of-band code delivery and alternate redirect_uri schemes

2012-10-10 Thread Pedro Felix
1) Out-of-band code transmission Currently Google OAuth2 implementation uses the special "urn:ietf:wg:oauth:2.0:oob" to signal the Authorization Endpoint to return an HTML page with the code, instead of a redirect. At first sight, it seems a good idea, however it isn't in the OAuth 2 RFC. a) Wha

Re: [OAUTH-WG] Agenda for Atlanta Meeting

2012-10-10 Thread Hannes Tschofenig
Hi Justin, Hi Torsten, We will take care of appropriate time management and agenda topics that have not seen enough presentation on the list will be postponed. In fact, I am concerned about the progress with the use cases document and the dynamic client registration work. I have notified the