And https://tools.ietf.org/html/rfc8693#section-7.4, which registers “scope” at https://www.iana.org/assignments/jwt/jwt.xhtml.
-- Mike
From: Jim Schaad <[email protected]>
Sent: Friday, February 21, 2020 9:15 AM
To: 'Francesca Palombini' <[email protected]>; 'Seitz Ludwig'
<[email protected]>; Mike Jones <[email protected]>
Cc: 'Ace Wg' <[email protected]>
Subject: [EXTERNAL] RE: Access token question
You are missing something
https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-33#section-8.13
defined here
From: Francesca Palombini <[email protected]>
Sent: Friday, February 21, 2020 4:37 AM
To: Seitz Ludwig <[email protected]>; Mike Jones <[email protected]>; Jim Schaad <[email protected]>
Cc: Ace Wg <[email protected]>
Subject: Access token question
Subject: Access token question
Hi,
Quick question regarding access token and scope.
I know that “scope” semantics is left to the application to define, but in
general I would expect to include there some information about resource and
method/operations allowed on that resource. Please correct me if any of this is
not exact.
It was my understanding that “scope” (or more precisely the “scope” value)
defined for the Client-AS request and response should be included in the access
token as well. Checking in CWT, there is no such “scope” claim defined. “aud”
claim is indeed defined for the CWT, but that should correspond to “aud”
parameter in the ACE request/response. So where do I put the exact resource and
operations in the access token?
What am I missing?
Francesca
_______________________________________________
Ace mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ace
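To illustrate the answer given in this thread (the resource and the operations go in the CWT “scope” claim, while “aud” names the Resource Server), here is an added example that is not part of the draft or of any message above: a Resource Server's check of “aud”, “exp” and “scope” on a constructed claims set. The `<resource>:<METHOD>[,<METHOD>]` scope syntax is a hypothetical application-defined convention, and the integer key used for “scope” is an assumption (look it up in the IANA CWT claims registry for the version you implement); the “aud” and “exp” keys are the RFC 8392 values.

```python
# Constructed example: an ACE access token as a CWT claims map, and the
# RS-side decision that turns "aud" + "scope" into allow/deny.
# Scope syntax "/res:GET,PUT ..." is a hypothetical application convention.

CWT_AUD = 3     # RFC 8392 "aud"
CWT_EXP = 4     # RFC 8392 "exp"
CWT_SCOPE = 9   # ASSUMPTION: key for the ACE "scope" claim; verify in IANA registry


def parse_scope(scope):
    """Turn "/temp:GET /led:GET,PUT" into {"/temp": {"GET"}, "/led": {"GET", "PUT"}}.
    A malformed entry is an error, never a silent grant."""
    grants = {}
    for entry in scope.split():
        resource, sep, methods = entry.partition(":")
        if not sep or not resource or not methods:
            raise ValueError("malformed scope entry: %r" % entry)
        grants.setdefault(resource, set()).update(
            m.upper() for m in methods.split(",") if m)
    return grants


def is_authorized(claims, rs_id, resource, method, now):
    """RS decision for one request; fails closed on anything missing."""
    aud = claims.get(CWT_AUD)
    audiences = aud if isinstance(aud, list) else [aud]
    if rs_id not in audiences:          # token was issued for another RS
        return False
    exp = claims.get(CWT_EXP)
    if not isinstance(exp, int) or now >= exp:
        return False                    # missing or expired
    scope = claims.get(CWT_SCOPE)
    if not isinstance(scope, str):
        return False                    # no scope claim => no permissions
    try:
        grants = parse_scope(scope)
    except ValueError:
        return False
    return method.upper() in grants.get(resource, set())


# Constructed claims map as the AS would build it before COSE-signing it.
SAMPLE_CLAIMS = {
    CWT_AUD: "tempSensor4711",
    CWT_EXP: 1700000000,
    CWT_SCOPE: "/temp:GET /led:GET,PUT",
}
```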