Hi Jim, On 2020-02-24 19:02, Jim Schaad wrote: > I was starting to code up the encoding of scope and wanted to clarify what > the encoding is. > > The text appears to say that the encoding is: > > scope = [ groupId: tstr, ?[* role : any ]] > > I was expecting this to be more along the lines of > > scope = [ + scope_item ] > scopeItem = [ groupId: tstr, ?[* role : any ]] > > This would allow for more than one group to be identified in a single token > which I think is important given some of the statements about only having a > single token for a client. This does not solve the resource server having > multiple audiences but that is fine.
==>MT At the January interim, we mentioned a multi group/topic scope as next step. The format you suggest above is essentially the one we also had in mind. This should be firstly defined in the ace-key-groupcomm document. This should be just fine for the Token request/response and the Access Token itself. Then I am thinking of what happens next. In a general case, in each of the specified groups a different signature algorithm (etc.) is used. Then, in the 2.01 response from /authz-info , we would have 'sign_info' also as an array of arrays and 'pub_key_enc' as an array (unless the very same configuration applies for each scopeItem above). Same goes for 'rsnonce' becoming an array. The order of such arrays' elements is the same as for the scopeItems in the 'scope' claim. <== > > I am unsure if it makes sense to allow for the array to be removed for scope > in the second example in the event that only one group is specified. One > byte saved at the expense of more code. ==>MT I think it makes sense to avoid that byte, and essentially revert to the original scope format when only one group is specified. <== Best, /Marco > > Jim > > -- Marco Tiloca Ph.D., Senior Researcher RISE Research Institutes of Sweden Division ICT Isafjordsgatan 22 / Kistagången 16 SE-164 40 Kista (Sweden) Phone: +46 (0)70 60 46 501 https://www.ri.se
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Ace mailing list [email protected] https://www.ietf.org/mailman/listinfo/ace
