, 2014 7:42 AM
To: Mike Jones
Cc: oauth-cha...@tools.ietf.org; oauth@ietf.org
Subject: Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth 2.0 Token
Exchange" as an OAuth Working Group Item
I'd be okay with that as a way forward. Frankly, of course, I'd prefer to see
draft-c
Hi Brian,
we should definitely take your work into account and I recall some other
drafts on the same subject being published some time ago as well.
Adding more co-authors to this working group item makes a lot of sense
to me.
Ciao
Hannes
On 08/11/2014 04:42 PM, Brian Campbell wrote:
> I'd be
I'd be okay with that as a way forward. Frankly, of course, I'd prefer to
see draft-campbell-oauth-sts as the starting point with Mike and the other
draft-jones-oauth-token-exchange authors added as co-authors. Regardless,
there are elements from both that likely need to end up in the final work
so
OK so act_as if not sent is implicitly the requestor perhaps authenticated by
the endpoint in the normal OAuth way.
If the if the requestor is acting like a proxy as in the Token Agent case the
act_as would indicate the identity of the client making the request to the
Token Agent so that the re
:55 AM
To: John Bradley
Cc: oauth-cha...@tools.ietf.org; oauth@ietf.org
Subject: Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth 2.0 Token
Exchange" as an OAuth Working Group Item
Absolutely agree that some examples are needed. There's a [[ TODO ]] in there
for it. I jus
Absolutely agree that some examples are needed. There's a [[ TODO ]] in
there for it. I just hadn't gotten to it yet and wanted to get the I-D up
before the Aug 10 date that Hannes put out there. The example you outlined
is a good start, I think.
Yes, code and refresh tokens would/could be valid t
Thanks for doing that.
I think that this is clearer and extends Mike's draft to be more specific about
input and output token types.
It is going to be hard for people to get their heads around this without
at-least having some example use-cases and example token input and outputs.
In following
I am very much in favor of the WG pursuing the general concept of an OAuth
Token Exchange. However, I don't believe this document, in its current
form anyway, is the necessarily the most appropriate starting point as a WG
work item.
I wrote up an I-D, which I'd ask to be considered as alternative
Hi all,
during the IETF #90 OAuth WG meeting, there was strong consensus in
adopting the "OAuth 2.0 Token Exchange"
(draft-jones-oauth-token-exchange-01.txt) specification as an OAuth WG
work item.
We would now like to verify the outcome of this call for adoption on the
OAuth WG mailing list. Her
