Hi Thomas-- You may want to take a look at UMA, which leverages both OAuth and
Justin's token introspection draft. Token introspection on its own is a
shallow kind of loose coupling between authorization servers and resource
servers. If these are operated by different organizations, as appears

Hi Thomas,
You're right in that the introspection process is about getting meta data about
a particular token by making an authenticated call. It does reveal a lot of
information about the token -- because that's exactly the point of the
protocol. :)
If the PR is compromised, then the

On Wed, Oct 23, 2013 at 9:22 PM, Richer, Justin P. jric...@mitre.org wrote:
Hi Thomas,
You're right in that the introspection process is about getting meta
data about a particular token by making an authenticated call. It does
reveal a lot of information about the token -- because that's

On Wed, Oct 23, 2013 at 8:37 PM, Eve Maler e...@xmlgrrl.com wrote:
Hi Thomas-- You may want to take a look at UMA, which leverages both OAuth
and Justin's token introspection draft. Token introspection on its own is a
shallow kind of loose coupling between authorization servers and resource