Re: [OAUTH-WG] Assertion Framework - Why does issuer have to be either the client or a third party token service?

2012-12-05 Thread Nat Sakimura
Here, I think it is better to differentiate the entity and function/role. Authorization Server in OAuth is "kind of" entity. Its function actually is split into two, or in most cases three. 1. Authentication Endpoint 2. Authorization Endpoint 3. Token Endpoint Now, "Assertion Verifier" is a func

Re: [OAUTH-WG] Assertion Framework - Why does issuer have to be either the client or a third party token service?

2012-12-05 Thread zhou . sujing
As I understand, RO=issuer does not mean RO=AS. RO as an issuer generates assertion (if the assertion is similar to delegation statement in my use cases), AS as an assertion verifier receives the assertion and checks its validity. oauth-boun...@ietf.org wrote on 2012-12-06 01:35:10: > Just checking

Re: [OAUTH-WG] Assertion Framework - Why does issuer have to be either the client or a third party token service?

2012-12-05 Thread Eve Maler
Just checking that I understand: If the RO == the issuer, then the RO == the AS, right? Just as in Nat's example, the user (or at least the device presenting a user agent to them) == the IdP? Colocating the RO and AS functions shouldn't be precluded, but I would be awfully confused if there were

Re: [OAUTH-WG] Assertion Framework - Why does issuer have to be either the client or a third party token service?

2012-12-05 Thread Nat Sakimura
It is not OAuth, but Austrian eID system is an example of RO as an assertion issuer pattern. They have their own SAML IdP on their PC (at least a few years ago) and combined with the qualified certs in the user's smart card and another file, creates a SAML assertion with sectoral identifier and sup

Re: [OAUTH-WG] review: draft-richer-oauth-chain-00.txt

2012-12-05 Thread Sergey Beryozkin
Hi On 30/11/12 16:36, Phil Hunt wrote: Two things. 1. I think access_token would be a bit confusing in some contexts even though that's what it is. However it is likely a foreign access token. "chain" is also shorter. 2. Regarding refresh, any idea on the use case? My impression is that if anyt

Re: [OAUTH-WG] Redirection flows, pre-authorized tokens and client-requested scopes

2012-12-05 Thread Sergey Beryozkin
On 04/12/12 22:24, Sergey Beryozkin wrote: We are working with one of our users on the support for pre-authorized tokens which can be checked by AS at the initial end user redirection to this AS before requesting the end-user authorization. My assumption is that if the pre-authorized token exist

Re: [OAUTH-WG] Assertion Framework - Why does issuer have to be either the client or a third party token service?

2012-12-05 Thread Brian Campbell
Hi Adam, My employer's product supports the STS case for getting SAML to be used in the assertion flow. We and the employer of one of my co-authors on the spec have a few very significant mutual customers that are using it today. The JWT variant is 'on the road map' as we juggle other priorities a

Re: [OAUTH-WG] Assertion Framework - Why does issuer have to be either the client or a third party token service?

2012-12-05 Thread Lewis Adam-CAL022
Hi Brian, This is sort of my feeling on the STS as well (theoretical). Are there any real-life examples of obtaining a JWT assertion from an STS that can be used for the assertion flow? And if so then how is it obtained? It cannot be an id_token because that is audience restricted to the cli

Re: [OAUTH-WG] Assertion Framework - Why does issuer have to be either the client or a third party token service?

2012-12-05 Thread Brian Campbell
I say that it's only theoretical because I don't believe there are any actual deployments supporting, or planning on supporting, RO as an assertion issuer. On Tue, Dec 4, 2012 at 5:39 PM, wrote: > > Why RO as an issuer is only theoretical today? > > > *Brian Campbell * > > 2012-12-04 23:41 >

[OAUTH-WG] Any comment on the use cases based on draft-zhou-oauth-owner-auth?

2012-12-05 Thread zhou . sujing
ZhouSuJing00132831/user/zte_ltd wrote on 2012-12-04 13:52:30: > How about the following use cases: > 1. Direct Delegation > >Description: > >Company GoodPay prepares the employee payrolls for the company >GoodWork. In order to do that the application at www.GoodPay.example >gets aut