Re: [OAUTH-WG] Autonomous clients and resource owners (editorial)

2010-05-10 Thread Brian Eaton
On Sun, May 9, 2010 at 1:56 PM, Eran Hammer-Lahav wrote: > The authorization server can issue an access token with any expiration but > should not issue expiration > later than that of the assertion. But still, there is nothing to prevent that. Wait, why shouldn't the authorization server issue

Re: [OAUTH-WG] Autonomous clients and resource owners (editorial)

2010-05-10 Thread Foiles, Doug
Thanks for the clarity Eran and I understand. -Original Message- From: Eran Hammer-Lahav [mailto:e...@hueniverse.com] Sent: Sunday, May 09, 2010 1:57 PM To: Foiles, Doug; OAuth WG Subject: RE: [OAUTH-WG] Autonomous clients and resource owners (editorial) > -Original Mess

Re: [OAUTH-WG] Autonomous clients and resource owners (editorial)

2010-05-09 Thread Eran Hammer-Lahav
> -Original Message- > From: Foiles, Doug [mailto:doug_foi...@intuit.com] > Sent: Sunday, May 09, 2010 1:07 PM > To: Eran Hammer-Lahav; OAuth WG > Subject: RE: [OAUTH-WG] Autonomous clients and resource owners > (editorial) > > Thanks for addressing my ques

Re: [OAUTH-WG] Autonomous clients and resource owners (editorial)

2010-05-09 Thread Foiles, Doug
TH-WG] Autonomous clients and resource owners (editorial) > -Original Message- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Foiles, Doug > Sent: Sunday, May 02, 2010 8:41 AM > To: OAuth WG > Subject: Re: [OAUTH-WG] Autonomous clients and resou

Re: [OAUTH-WG] Autonomous clients and resource owners (editorial)

2010-05-09 Thread Eran Hammer-Lahav
> -Original Message- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Foiles, Doug > Sent: Sunday, May 02, 2010 8:41 AM > To: OAuth WG > Subject: Re: [OAUTH-WG] Autonomous clients and resource owners > (editorial) > > I wanted

Re: [OAUTH-WG] Autonomous clients and resource owners (editorial)

2010-05-02 Thread Foiles, Doug
flow" would work where the credential is something different than the username and password. Thanks. Doug From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Chuck Mortimore Sent: Tuesday, April 27, 2010 5:46 PM To: Keenan, Bill; OAuth WG Subject: Re: [OA

Re: [OAUTH-WG] Autonomous clients and resource owners (editorial)

2010-04-27 Thread Chuck Mortimore
sday, April 27, 2010 9:06 AM To: Torsten Lodderstedt; Brian Eaton Cc: Foiles, Doug; OAuth WG Subject: Re: [OAUTH-WG] Autonomous clients and resource owners (editorial) Same here - we don't intend to issue refresh tokens for either of these flows, and we'll only be accep

Re: [OAUTH-WG] Autonomous clients and resource owners (editorial)

2010-04-27 Thread Keenan, Bill
2010 9:06 AM To: Torsten Lodderstedt; Brian Eaton Cc: Foiles, Doug; OAuth WG Subject: Re: [OAUTH-WG] Autonomous clients and resource owners (editorial) Same here - we don't intend to issue refresh tokens for either of these flows, and we'll only be accepting 1 time use

Re: [OAUTH-WG] Autonomous clients and resource owners (editorial)

2010-04-27 Thread Chuck Mortimore
Cc: Chuck Mortimore; Foiles, Doug; OAuth WG Subject: Re: [OAUTH-WG] Autonomous clients and resource owners (editorial) returning access token would suffice in this flow, from my point of view. regards, Torsten. Am 27.04.2010 um 08:33 schrieb Brian Eaton : > From my perspective, the main thin

Re: [OAUTH-WG] Autonomous clients and resource owners (editorial)

2010-04-27 Thread Torsten Lodderstedt
OAuth specific flow. Thanks. Doug From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Eve Maler Sent: Friday, April 23, 2010 7:21 AM To: OAuth WG Subject: [OAUTH-WG] Autonomous clients and resource owners (editorial) Regarding the second comment I made below: I real

Re: [OAUTH-WG] Autonomous clients and resource owners (editorial)

2010-04-26 Thread Brian Eaton
tside the OAuth specific flow. > > Thanks. > > Doug > > > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of > Eve Maler > Sent: Friday, April 23, 2010 7:21 AM > To: OAuth WG > Subject: [OAUTH-WG] Autonomous clients and resource owners (editorial

Re: [OAUTH-WG] Autonomous clients and resource owners (editorial)

2010-04-26 Thread Torsten Lodderstedt
the OAuth specific flow. Thanks. Doug *From:* oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] *On Behalf Of *Eve Maler *Sent:* Friday, April 23, 2010 7:21 AM *To:* OAuth WG *Subject:* [OAUTH-WG] Autonomous clients and resource owners (editorial) Rega

Re: [OAUTH-WG] Autonomous clients and resource owners (editorial)

2010-04-26 Thread Eve Maler
alf a > resource owner that is not themselves … it then seems the resource owner > must provide some level of consent outside the OAuth specific flow. > > Thanks. > > Doug > > > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Eve > M

Re: [OAUTH-WG] Autonomous clients and resource owners (editorial)

2010-04-26 Thread Chuck Mortimore
er must provide some level of consent outside the OAuth specific flow. Thanks. Doug From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Eve Maler Sent: Friday, April 23, 2010 7:21 AM To: OAuth WG Subject: [OAUTH-WG] Autonomous clients and resource owners (editorial) Regar

Re: [OAUTH-WG] Autonomous clients and resource owners (editorial)

2010-04-25 Thread Foiles, Doug
...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Eve Maler Sent: Friday, April 23, 2010 7:21 AM To: OAuth WG Subject: [OAUTH-WG] Autonomous clients and resource owners (editorial) Regarding the second comment I made below: I realized last night that Sections 3.7.1 and 3.7.2 get this more

[OAUTH-WG] Autonomous clients and resource owners (editorial)

2010-04-23 Thread Eve Maler
Regarding the second comment I made below: I realized last night that Sections 3.7.1 and 3.7.2 get this more correct, by saying that an autonomous client represents a "separate resource owner". So Section 2.2 definitely needs a slight change, from: "...and autonomous flows where the client is a