It's simply the entity that created the assertion. Third party token service
was meant to encapsulate pretty much all of your stakeholders below. The only
one it doesn't really cover is Authorization Server.
On Dec 3, 2012, at 12:35 AM, Nat Sakimura wrote:
Hi Brian,
The assertion framework defines the Issuer as:
Issuer The unique identifier for the entity that issued the
assertion. Generally this is the entity that holds the key
material used to generate the assertion. The issuer may be either
an OAuth client (when assertions are self-issued) or a third party
token service.
I was wondering why it has to be either the client or a third party token
service.
Conceptually, it could be any token service (functionality) residing in any of
the stakeholders (Resource Owner, OAuth Client, Authorization Server, or
a third party).
I would appreciate if you could clarify why is the case.
Best,
--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
_______________________________________________
OAuth mailing list
[email protected]<mailto:[email protected]>
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
