On 2018-02-01 14:59, Hannes Tschofenig wrote:
> Hi all,
>
> the Client Token is a new mechanism in ACE-OAuth that aims to solve a scenario where the Client does not have connectivity to the Authorization Server to obtain an access token while the Resource Server does.
>
> The solution is therefore for the Client to use the Resource Server to relay messages to the Authorization Server.
>
> While this sounds nice, it does not follow the OAuth model and we, at ARM, have not seen anyone requesting this feature.
>
> In summary, I am again requesting that the Client Token functionality is removed from the ACE-OAuth draft.

I agree that interest for this use case has been lukewarm at most in the WG. I will remove that feature from the draft in the next update.


Ludwig Seitz, PhD
Security Lab, RISE SICS
Phone +46(0)70-349 92 51
