I'll be attending.
I'd like to request some time to talk about the state of the assertion
drafts.
http://tools.ietf.org/html/draft-ietf-oauth-assertions
http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer
http://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer
Thanks,
Brian
On Wed, Jun 26,
Attending
On 2013-06-26, at 2:56 PM, Hannes Tschofenig wrote:
> Hi all,
>
> Please drop us a message if you are planning to attend the upcoming IETF
> meeting and if you would like to talk about a specific topic.
> It would also be great if you could let us know if you plan to participate
>
I was expecting to find that someone had seen this problem before and was
working towards a solution like forwarding your scopes to the delegate
authorization server to get all permissions from the user at once
(something similar to the aggregate claims in the OpenID spec, if I read it
correctly).
I think this is the only viable approach if you want to allow for
different auth servers in different security domains. Accepting access
tokens from somebody else's domain takes a few more steps and rules that
the WG hasn't totally figured out yet, though some of us are working on
the pieces (t
Apologies if this has been asked before, but AFAIK what I could find does not
follow the problem until a valid solution.
Let's say I have a website BookFace, which is offering services and using
OAuth2 to validate its users. For this example, it is important
that BookFace does not keep track of any