Parecki <aa...@parecki.com>;
<oauth@ietf.org>
Subject: Re: [OAUTH-WG] Re: New Internet Draft: OAuth 2.0 Delegated B2B
Authorization
Thanks for 1 and 2, but 3 is still the question that I feel is unanswered. Can
you walk through a concrete imp
on… The only potential drawback is that RO needs
> to implement the approval endpoint, and in my experience that could be a
> problem… it is much easier for ROs to make calls to other people’s
> endpoints :)
>
>
>
> Regards,
>
> Igor
>
>
>
>
>
> *From:*
ay 2024 10:23 PM
To: Igor Janicijevic <i...@ivagor.com>
Cc: Warren Parad <wpa...@rhosys.ch>;
<oauth@ietf.org>
Subject: Re: [OAUTH-WG] Re: New Internet Draft: OAuth 2.0 Delegated B2B
Authorization
Yeah this just sounds like the
This means that the third party client will only be able to obtain read
> only access to that resource and will not be able to update the resource.
>
>
>
> *From:* Warren Parad [mailto:wpa...@rhosys.ch]
> *Sent:* Sunday, 19 May 2024 9:57 PM
> *To:* Igor Janicijevic
> *Cc
policies are
needed at AS.
From: Aaron Parecki [mailto:aa...@parecki.com]
Sent: Sunday, 19 May 2024 10:23 PM
To: Igor Janicijevic
Cc: Warren Parad ;
Subject: Re: [OAUTH-WG] Re: New Internet Draft: OAuth 2.0 Delegated B2B
Authorization
Yeah this just sounds like the client credentials grant with
the RO wants to delegate to
the third party.
From: Warren Parad [mailto:wpa...@rhosys.ch]
Sent: Sunday, 19 May 2024 10:21 PM
To: Igor Janicijevic
Cc: Thomas Broyer ;
Subject: Re: [OAUTH-WG] Re: New Internet Draft: OAuth 2.0 Delegated B2B
Authorization
Okay but that just creates more unanswered
> *Sent:* Sunday, 19 May 2024 9:57 PM
> *To:* Igor Janicijevic
> *Cc:* Thomas Broyer ; >
> *Subject:* Re: [OAUTH-WG] Re: New Internet Draft: OAuth 2.0 Delegated B2B
> Authorization
>
>
>
> Hmmm, interesting. How does the first-party client decide which scopes to
> grant to the th
Cc: Thomas Broyer <t.bro...@gmail.com>;
<oauth@ietf.org>
Subject: Re: [OAUTH-WG] Re: New Internet Draft: OAuth 2.0 Delegated B2B
Authorization
Maybe let's separate those two things for a second:
1. Third party acquiring token to acc
t will have to have a possession of it to present it to the
> revocation endpoint… Maybe I am completely missing your point, so can you,
> please, clarify.
>
>
>
> Cheers,
>
> Igor
>
>
>
>
>
> *From:* Warren Parad [mailto:wpa...@rhosys.ch]
> *Sent:* Su
;
Subject: Re: [OAUTH-WG] Re: New Internet Draft: OAuth 2.0 Delegated B2B
Authorization
Maybe let's separate those two things for a second:
1. Third party acquiring token to access RS
2. RO revoking token generated for the Third Party client
For #1. I'd be interested to know how t
arad [mailto:wpa...@rhosys.ch]
> *Sent:* Sunday, 19 May 2024 7:14 PM
> *To:* Igor Janicijevic
> *Cc:* Thomas Broyer ; >
> *Subject:* Re: [OAUTH-WG] Re: New Internet Draft: OAuth 2.0 Delegated B2B
> Authorization
>
>
>
> But the AS is already governing the access betwee
[mailto:wpa...@rhosys.ch]
Sent: Sunday, 19 May 2024 7:14 PM
To: Igor Janicijevic
Cc: Thomas Broyer ;
Subject: Re: [OAUTH-WG] Re: New Internet Draft: OAuth 2.0 Delegated B2B
Authorization
But the AS is already governing the access between clients, so at the surface
at least I'm not able to wrap my
> *From:* Warren Parad [mailto:wpa...@rhosys.ch]
> *Sent:* Sunday, 19 May 2024 1:36 AM
> *To:* Thomas Broyer
> *Cc:* Igor Janicijevic ; >
> *Subject:* Re: [OAUTH-WG] Re: New Internet Draft: OAuth 2.0 Delegated B2B
> Authorization
>
>
>
> That was my first thought, b
access between the clients.
Regards,
Igor
From: Warren Parad [mailto:wpa...@rhosys.ch]
Sent: Sunday, 19 May 2024 1:36 AM
To: Thomas Broyer
Cc: Igor Janicijevic ;
Subject: Re: [OAUTH-WG] Re: New Internet Draft: OAuth 2.0 Delegated B2B
Authorization
That was my first thought, but since we only have one AS, isn't this
just OAuth but switching up which is the RS and which is the user agent?
Why wouldn't the third party just request a client_credentials grant for
the RS using the appropriate audience?
On Sat, May 18, 2024, 16:52 Thomas Bro
Isn't that covered by Token Exchange already?
https://datatracker.ietf.org/doc/html/rfc8693
On Sat, 18 May 2024, 16:29, Igor Janicijevic wrote:
> Dear All,
>
>
>
> I have published an Internet Draft document that I would like to introduce
> to the OAuth working group for consideration. Here i