Obviously, it is not so clear from the language there.
Chuck Mortimore <[email protected]> 写于 2012-12-04 10:17:12: > There's no reason why it can't be resource owner today. > > On Dec 3, 2012, at 6:06 PM, <[email protected]> <[email protected] > > wrote: > > > +1. > And why it was not looked at that time? > > [email protected] 写于 2012-12-04 01:30:55: > > > Actually, I think it is a good time to start looking at the resourse > > owner issuing assertions@ (Interestingly enough, Hui-Lan had brought > > this up a couple of years ago.) > > > > Igor > > > > On 12/3/2012 3:58 AM, Nat Sakimura wrote: > > I suppose, yes. I was reading it like that all the time. > > Whether it is or not, if it is still ok, it might be better to clarify it. > > Word like "third party" tends to be a bit of problem without > clearlydefining. > > I had similar experience in other fora. > > > > Nat > > > > Sent from iPad > > > > 2012/12/03 0:52、"[email protected]" <[email protected]> の > > メッセ�`ジ: > > > > > could be Resource owner? > > > > > > > "Tschofenig, Hannes (NSN - FI/Espoo)" <[email protected]> > > 发件人: [email protected] > > 2012-12-03 16:49 > > > > 收件人 > > > > "ext Nat Sakimura" <[email protected]>, "Brian Campbell" < > > [email protected]>, "oauth" <[email protected]> > > > > 抄送 > > > > 主题 > > > > Re: [OAUTH-WG] Assertion Framework - Why does issuer have to be > > either the client or a third party token service? > > > > > > > > > > Hi Nat, > > > > The current text essentially says that the assertion can either be > > created by the client (in which case it is self-signed) or it can be > > created by some other entity (which is then called the third party > > token service). So, this third party could be the authorization server. > > > > Ciao > > Hannes > > > > > > From: [email protected] [mailto:[email protected]] On Behalf Of > > ext Nat Sakimura > > Sent: Monday, December 03, 2012 10:35 AM > > To: Brian Campbell; oauth > > Subject: [OAUTH-WG] Assertion Framework - Why does issuer have to be > > either the client or a third party token service? > > > > Hi Brian, > > > > > > The assertion framework defines the Issuer as: > > > > Issuer The unique identifier for the entity that issued the > > assertion. Generally this is the entity that holds the key > > material used to generate the assertion. The issuer may be either > > an OAuth client (when assertions are self-issued) or a third party > > token service. > > > > I was wondering why it has to be either the client or a third party > > token service. > > Conceptually, it could be any token service (functionality) > residingin any of > > > > the stakeholders (Resource Owner, OAuth Client, Authorization Server, or > > a third party). > > > > > > I would appreciate if you could clarify why is the case. > > > > > > Best, > > > > -- > > Nat Sakimura (=nat) > > Chairman, OpenID Foundation > > http://nat.sakimura.org/ > > @_nat_en > > _______________________________________________ > > OAuth mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/oauth > > > > > > > _______________________________________________ > > OAuth mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ > > OAuth mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
