Please feel free to suggest better language. Issuer simply allows the token service to know who created the assertion, so it can look them up and see if they're trusted. Effectively the same as an Issuer in SAML.
-cmort On Dec 3, 2012, at 6:23 PM, <[email protected]<mailto:[email protected]>> wrote: Obviously, it is not so clear from the language there. Chuck Mortimore <[email protected]<mailto:[email protected]>> 写于 2012-12-04 10:17:12: > There's no reason why it can't be resource owner today. > > On Dec 3, 2012, at 6:06 PM, > <[email protected]<mailto:[email protected]>> > <[email protected]<mailto:[email protected]> > > wrote: > > > +1. > And why it was not looked at that time? > > [email protected]<mailto:[email protected]> 写于 2012-12-04 01:30:55: > > > Actually, I think it is a good time to start looking at the resourse > > owner issuing assertions@ (Interestingly enough, Hui-Lan had brought > > this up a couple of years ago.) > > > > Igor > > > > On 12/3/2012 3:58 AM, Nat Sakimura wrote: > > I suppose, yes. I was reading it like that all the time. > > Whether it is or not, if it is still ok, it might be better to clarify it. > > Word like "third party" tends to be a bit of problem without > clearlydefining. > > I had similar experience in other fora. > > > > Nat > > > > Sent from iPad > > > > 2012/12/03 0:52、"[email protected]<mailto:[email protected]>" > > <[email protected]<mailto:[email protected]>> の > > メッセージ: > > > > > could be Resource owner? > > > > > > > "Tschofenig, Hannes (NSN - FI/Espoo)" > > <[email protected]<mailto:[email protected]>> > > 发件人: [email protected]<mailto:[email protected]> > > 2012-12-03 16:49 > > > > 收件人 > > > > "ext Nat Sakimura" <[email protected]<mailto:[email protected]>>, "Brian > > Campbell" < > > [email protected]<mailto:[email protected]>>, "oauth" > > <[email protected]<mailto:[email protected]>> > > > > 抄送 > > > > 主题 > > > > Re: [OAUTH-WG] Assertion Framework - Why does issuer have to be > > either the client or a third party token service? > > > > > > > > > > Hi Nat, > > > > The current text essentially says that the assertion can either be > > created by the client (in which case it is self-signed) or it can be > > created by some other entity (which is then called the third party > > token service). So, this third party could be the authorization server. > > > > Ciao > > Hannes > > > > > > From: [email protected]<mailto:[email protected]> > > [mailto:[email protected]] On Behalf Of > > ext Nat Sakimura > > Sent: Monday, December 03, 2012 10:35 AM > > To: Brian Campbell; oauth > > Subject: [OAUTH-WG] Assertion Framework - Why does issuer have to be > > either the client or a third party token service? > > > > Hi Brian, > > > > > > The assertion framework defines the Issuer as: > > > > Issuer The unique identifier for the entity that issued the > > assertion. Generally this is the entity that holds the key > > material used to generate the assertion. The issuer may be either > > an OAuth client (when assertions are self-issued) or a third party > > token service. > > > > I was wondering why it has to be either the client or a third party > > token service. > > Conceptually, it could be any token service (functionality) > residingin any of > > > > the stakeholders (Resource Owner, OAuth Client, Authorization Server, or > > a third party). > > > > > > I would appreciate if you could clarify why is the case. > > > > > > Best, > > > > -- > > Nat Sakimura (=nat) > > Chairman, OpenID Foundation > > http://nat.sakimura.org/ > > @_nat_en > > _______________________________________________ > > OAuth mailing list > > [email protected]<mailto:[email protected]> > > https://www.ietf.org/mailman/listinfo/oauth > > > > > > > _______________________________________________ > > OAuth mailing list > > [email protected]<mailto:[email protected]> > > https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ > > OAuth mailing list > > [email protected]<mailto:[email protected]> > > https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ > OAuth mailing list > [email protected]<mailto:[email protected]> > https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
