__________________________________________ > -----Original Message----- > From: Brian Campbell [mailto:[email protected]] > Sent: Wednesday, August 25, 2010 4:29 PM > To: Thomas Hardjono > Cc: oauth > Subject: Re: [OAUTH-WG] SAML profile comments/questions from the SAML > people > > Again, sorry for the slow reply. > > On Thu, Aug 19, 2010 at 1:52 PM, Thomas Hardjono <[email protected]> > wrote: > > > Does Oauth-v2 today allow > > the Authorization Server to delegate/relegate the actual obtaining of > > the access token to a 3rd Party? > > I'm not sure I follow the question?
Brian, apologies for the delay. What I meant to say is that User#1/Client#1 asks for an access token (to a given resource) with the intention of later handing over the access-token to a different User#2/Client#2. Ideally, this model could be extensible where User#2/Client#2 asks the Auth Server to "swap" (re-issue) this token for a different client_id (User#3/Client#3). However, this bring us into space of role based access control and permissions, which would somewhat complicate the Oauth 2.0 authorization model :) /thomas/ _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
