There's no reason why it can't be resource owner today.
On Dec 3, 2012, at 6:06 PM, <[email protected]<mailto:[email protected]>> <[email protected]<mailto:[email protected]>> wrote: +1. And why it was not looked at that time? [email protected]<mailto:[email protected]> 写于 2012-12-04 01:30:55: > Actually, I think it is a good time to start looking at the resourse > owner issuing assertions@ (Interestingly enough, Hui-Lan had brought > this up a couple of years ago.) > > Igor > > On 12/3/2012 3:58 AM, Nat Sakimura wrote: > I suppose, yes. I was reading it like that all the time. > Whether it is or not, if it is still ok, it might be better to clarify it. > Word like "third party" tends to be a bit of problem without clearlydefining. > I had similar experience in other fora. > > Nat > > Sent from iPad > > 2012/12/03 0:52、"[email protected]<mailto:[email protected]>" > <[email protected]<mailto:[email protected]>> の > メッセージ: > > could be Resource owner? > > > "Tschofenig, Hannes (NSN - FI/Espoo)" > <[email protected]<mailto:[email protected]>> > 发件人: [email protected]<mailto:[email protected]> > 2012-12-03 16:49 > > 收件人 > > "ext Nat Sakimura" <[email protected]<mailto:[email protected]>>, "Brian > Campbell" < > [email protected]<mailto:[email protected]>>, "oauth" > <[email protected]<mailto:[email protected]>> > > 抄送 > > 主题 > > Re: [OAUTH-WG] Assertion Framework - Why does issuer have to be > either the client or a third party token service? > > > > > Hi Nat, > > The current text essentially says that the assertion can either be > created by the client (in which case it is self-signed) or it can be > created by some other entity (which is then called the third party > token service). So, this third party could be the authorization server. > > Ciao > Hannes > > > From: [email protected]<mailto:[email protected]> > [mailto:[email protected]] On Behalf Of > ext Nat Sakimura > Sent: Monday, December 03, 2012 10:35 AM > To: Brian Campbell; oauth > Subject: [OAUTH-WG] Assertion Framework - Why does issuer have to be > either the client or a third party token service? > > Hi Brian, > > > The assertion framework defines the Issuer as: > > Issuer The unique identifier for the entity that issued the > assertion. Generally this is the entity that holds the key > material used to generate the assertion. The issuer may be either > an OAuth client (when assertions are self-issued) or a third party > token service. > > I was wondering why it has to be either the client or a third party > token service. > Conceptually, it could be any token service (functionality) residingin any of > > the stakeholders (Resource Owner, OAuth Client, Authorization Server, or > a third party). > > > I would appreciate if you could clarify why is the case. > > > Best, > > -- > Nat Sakimura (=nat) > Chairman, OpenID Foundation > http://nat.sakimura.org/ > @_nat_en > _______________________________________________ > OAuth mailing list > [email protected]<mailto:[email protected]> > https://www.ietf.org/mailman/listinfo/oauth > > > _______________________________________________ > OAuth mailing list > [email protected]<mailto:[email protected]> > https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ > OAuth mailing list > [email protected]<mailto:[email protected]> > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
