I'm not emphatic about either, but my vote is to remove the envelope.
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Brian
Eaton
Sent: Monday, June 21, 2010 9:49 AM
To: Dick Hardt
Cc: OAuth WG
Subject: Re: [OAUTH-WG] proposal for signatures
I like the idea of simplifying the core spec, but the devil is in the details.
In practice it seems onerous to ask the AS and the PR to know both the key used
to sign the token as well as the key used to sign the request (regardless of if
the request signing key is the same as the
value in the 401 (should the URI reference the
individual service or the bundle).
From: Manger, James H [mailto:james.h.man...@team.telstra.com]
Sent: Thursday, April 15, 2010 9:44 PM
To: Justin Smith; OAuth WG
Subject: RE: [OAUTH-WG] Issue: Scope parameter
So, let’s say there is an Authorization
: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of
Justin Smith
Sent: Friday, 16 April 2010 9:39 AM
To: Eran Hammer-Lahav; Marius Scurtescu; record...@gmail.com
Cc: OAuth WG
Subject: Re: [OAUTH-WG] Issue: Scope parameter
I don’t see how the presence of a scope parameter hurts
token
request to http://as.com. Is that right?
If so, then how does http://as.com know that the intended resource is
http://foo.com?
From: Manger, James H [mailto:james.h.man...@team.telstra.com]
Sent: Thursday, April 15, 2010 9:09 PM
To: Justin Smith; OAuth WG
Subject: RE: [OAUTH-WG] Issue
Along those lines, here's an access token (SWT w/o URL encoding) that has some
role and attribute data. I think it is representative of how customers are
using the OAuth WRAP implementation in AppFabric.
Part of the motivation behind that profile was to allow an autonomous client
(no end-user identity passed to the AS) the ability to access a web service. In
that case, I don't see what the client secret (along with the username and
password) would be adding.
Ethan - assuming the token is
Yep - mistake on my part. I the discussion was around section 5.1 and 5.2 on
OAuth WRAP v0.9.7.2.
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of David
Recordon
Sent: Tuesday, March 09, 2010 9:46 AM
To: oauth-wrap...@googlegroups.com;