Hi John,
thx for this explanation. It helps me to see why this decision has been
made.
Wishes,
Manfred
-Original Message-
From: John Bradley [mailto:ve7...@ve7jtb.com]
Sent: Tuesday, 11 March 2014 20:49
To: Manfred Steyer
Cc: Hannes Tschofenig; Antonio Sanso; oauth
Hi,
perhaps you can show that I'm wrong, but I still think that there are
cases where the subject is unknown because it's not relevant. Let's consider
the following federation-scenario:
1. Bob has a Token T1 that says that he works for Company A on Project B.
The Subject of this token is "Bob".
Hi Antonio,
some time ago, I wrote about the same issue, but unfortunately didn't
get an answer. I place my thoughts about this at the end of this mail.
Wishes,
Manfred
8<---
Hi,
the draft about the
JWT Profile for OAuth 2.0 Client Authent
Hi Phil,
the server won't see the access-code, because it is returned within the hash
that stays at the client-site:
http://.../returnUri#access_code=ABCDE.
By definition, the returnURI has to be the URI that was registered for the
client. IMHO, you are only allowed to add additional URL-
Hi,
the draft about the
JWT Profile for OAuth 2.0 Client Authentication and Authorization Grants [1]
says:
"The JWT MUST contain a "sub" (subject) claim identifying the principal that
is the subject of the JWT. Two cases need to be differentiated:
A. For the authorizati
Hi Adam,
Thx for this interesting information. Did you consider just using OIDC for
both authentication and authorization?
As the JWT-based id_token can contain self-defined claims and as the current
spec gives us a way to exchange one token for another, which allows us for
(SAML/WS-Trust-l
.com]
Sent: Friday, 19 July 2013 18:12
To: Prateek Mishra; Manfred Steyer
Cc: oauth@ietf.org
Subject: RE: [OAUTH-WG] SAML-like ActAs
You can accomplish the ActAs semantics with Assertions profile, while a bit
clumsy the basics are in place, the only issue i
19 July 2013 18:03
To: Manfred Steyer
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] SAML-like ActAs
Hi Manfred,
This is an area of interest to us and we have done some profiling in our
implementation.
Generally speaking, we work with the assertion profiles as a start
Hi,
are there plans for supporting delegation-styles like ActAs or OnBehalfOf in
SAML?
If this was possible, a resource server could delegate a subset of the
delegated rights to another resource server. This could be a very important
thing, when one wants to use OAuth 2 within an enterprise