Hi Kristoffer,
Hannes compiled the list :-)
regards,
Torsten.
On 07.02.2011 22:10, Kristoffer Gronowski wrote:
Hi Torsten!
Great that you compiled the list on WG items.
IMO there is one item missing and that is to create an optional formal
interface between the authorization server and the protected resource.
It could increase the productivity of creating the OAuth protected web
services when the auth server can be treated as an off the shelf piece
of code.
Then it would be up to the auth server to also provide a number of
other extensions like the discovery, token revocation and others.
The next most important for me is the discovery but here I would
rather want to tie on to existing technologies that already describe
REST resources like WADL.
So that the OAuth discovery metadata just deals with two levels of
metadata. First being more static information about the OAuth server
that is authoritative over the protected resource.
Second would be the endpoint specific authorization data about the
resource: what kind of scopes are required for me to fulfill a
successful request. But here it needs to be more innovative since it
might be a different answer if I am trying to do an HTTP GET than what
would be needed if I am trying to do an HTTP DELETE request on a
protected resource.
We are actually trying to experiment with the two different APIs for
auth server <-> protected resource IF and for resource discovery to
get hands on experience on what they could look like.
So if others see the same value we would be happy to collaborate and
try to contribute to it becoming something agreed upon within this WG.
The good part is that all of our experiments are shared in open source
so others could also join in and we do not have any strong opinion
that it has to be solved our way.
BR Kristoffer
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth