What’s the WG consensus (heh) on the best guide to adding OAUTH support to an
existing server so that it can act as an identity provider? Which version of
oauth is most widely deployed by relying parties these days?
I want to add OAUTH support to the IETF datatracker.
Thanks for any pointers.
The openID Connect kind of OAuth server.
OAuth on its own is not designed to be secure for identity federation.
John B.
On 8/17/2019 1:23 PM, Salz, Rich wrote:
>
> What’s the WG consensus (heh) on the best guide to adding OAUTH
> support to an existing server so that it can act as an identity
>
indeed OAuth != identity see https://oauth.net/articles/authentication/
Hans.
On Sat, Aug 17, 2019 at 8:31 PM John Bradley wrote:
> The openID Connect kind of OAuth server.
>
> OAuth on its own is not designed to be secure for identity federation.
>
> John B.
> On 8/17/2019 1:23 PM, Salz, Rich
I don’t want to get distracted from my main goal. Thanks.
From: Hans Zandbelt
Date: Saturday, August 17, 2019 at 2:34 PM
To: John Bradley
Cc: "oauth@ietf.org"
Subject: Re: [OAUTH-WG] Info on how to implement a server
indeed OAuth != identity see
https://oauth.net/articles/auth
ley
> *Cc: *"oauth@ietf.org"
> *Subject: *Re: [OAUTH-WG] Info on how to implement a server
>
>
>
> indeed OAuth != identity see https://oauth.net/articles/authentication/
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__oauth.n
As I said at the start of the thread: I want to add OAUTH support to the
datatracker.
From: Dick Hardt
Date: Sunday, August 18, 2019 at 4:47 PM
To: Rich Salz
Cc: Hans Zandbelt , John Bradley
, "oauth@ietf.org"
Subject: Re: [OAUTH-WG] Info on how to implement a server
What is the
e: *Sunday, August 18, 2019 at 4:47 PM
> *To: *Rich Salz
> *Cc: *Hans Zandbelt , John Bradley <
> ve7...@ve7jtb.com>, "oauth@ietf.org"
> *Subject: *Re: [OAUTH-WG] Info on how to implement a server
>
>
>
> What is the goal?
>
>
>
> On Sun, Aug 18,
>
>
> From: Hans Zandbelt
> Date: Saturday, August 17, 2019 at 2:34 PM
> To: John Bradley
> Cc: "oauth@ietf.org"
> Subject: Re: [OAUTH-WG] Info on how to implement a server
>
>
>
> indeed OAuth != identity see https://oauth.net/articles/authentication/
>
Not to be pedantic, but adding OAuth support is a mechanism in support
of a goal. What's the end goal?
* Letting third party apps use the datatracker API?
* Letting people sign in to other apps with a datatracker account?
The latter.
__
>Do you want to enable applications to call datatracker APIs?
Not me, no. But I know of a couple that will be able to benefit
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
On Sun, Aug 18, 2019 at 2:29 PM Salz, Rich wrote:
> Not to be pedantic, but adding OAuth support is a mechanism in support
> of a goal. What's the end goal?
>
> * Letting third party apps use the datatracker API?
> * Letting people sign in to other apps with a datatracker account?
>Then you want OpenID Connect
great, thank you for the pointer.
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
12 matches
Mail list logo
