On Thu, Jul 15, 2010 at 10:03 AM, Torsten Lodderstedt <[email protected]> wrote: > As I have written in my reply to Marius's posting. I'm fine with including > server ids in scopes. But this requires a definition of the scope's syntax > and semantics in the spec. Otherwise, scope interpretation (and server > identification) will be deployment specific.
Sure, it is deployment specific, but why is that an issue? In your case, the authz server and all the resource servers are managed by the same organization, right? Do clients need to be aware of the actual resource server? You can probably create a separate spec that defines scope syntax for this purpose, if really needed. Does it have to be in core? Marius _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
