;http://www.mail-wise.com/installation/2> – See your emails
> as clean, short chats.
>
>
>
> -------- Originalnachricht ----
> Betreff: Re: [OAUTH-WG] Fwd: New Version Notification for
> draft-campbell-oauth-resource-indicators-01.txt
> Von: Brian Campbell
> An
.
Originalnachricht
Betreff: Re: [OAUTH-WG] Fwd: New Version Notification for
draft-campbell-oauth-resource-indicators-01.txt
Von: Brian Campbell
An: Torsten Lodderstedt
Cc: oauth
>Sorry for the slow response, Torsten, I was on vacation last week with my
>family.
>
>The omission of sco
Sorry for the slow response, Torsten, I was on vacation last week with my
family.
The omission of scope values in the example requests wasn't really
intentional so much as just an initial desire to have a minimal amount of
stuff in the examples. Adding a scope parameter to the example
authorizatio
Hi Brian,
did you intentionally omit scope values in your example requests? I would like
to know what you envision to be the relationshop between scope and resource.
As you draft says, we today use scope values to indicate to the AS, which
ressource servers the clients wants to access. I think
'aud' can't be used b/c it conflicts with the (yet to be registered) 'aud'
claim/parameter in https://tools.ietf.org/html/draft-ietf-oauth-jwsreq and
JWS/E requests in Connect (honestly, I'd like to use aud because we've
already done so in product but I don't think it works given the spec
landscape
I don't consider this draft to be a direct alternative to the bound config
thing. It aims to fill a need that the WG has discussed several times
previously. It happens to also facilitate getting audience restrictions
into ATs, which address the concerns about a bad RS using an AT at a good
RS that
Hi
Is there any reason why 'resource' parameter can not be named 'aud' or
'audience' ?
The text says "AS should audience restrict" the access token and that a
token 'aud' property may be equal to this "resource" value.
I guess 'audience' is a pure access token property, while as far as
cli
What about server processing rules and error conditions? The client passes the
resource in with every request. What happens if it sends a bad URL. I see the
registration for invalid_resource, but I see no processing logic for the server
that describes when that is returned. I’ll assume that i
Very minor update to this draft before the deadline that moves Hannes from
Acknowledgements to Authors in acknowledgment of his similar work a few
years ago. Also fleshed out the IANA section with the formal registration
requests.
-- Forwarded message --
From:
Date: Mon, Mar 21,