Hi Justin, why is there a need for both scope and audience? I would assume the scope of the authorization request is typically turned into an audience of an access token.
Generally, wouldn't it be simpler (spec-wise) to just return a JWT instead of inventing another set of JSON elements? regards, Torsten. Am 09.01.2013 um 20:10 schrieb Justin Richer <[email protected]>: > Updated the introspection draft with feedback from the UMA WG, who have > incorporated it into their latest revision of UMA. > > I would like this document to become a working group item. > > -- Justin > > > -------- Original Message -------- > Subject: New Version Notification for > draft-richer-oauth-introspection-01.txt > Date: Tue, 8 Jan 2013 14:48:47 -0800 > From: <[email protected]> > To: <[email protected]> > > A new version of I-D, draft-richer-oauth-introspection-01.txt > has been successfully submitted by Justin Richer and posted to the > IETF repository. > > Filename: draft-richer-oauth-introspection > Revision: 01 > Title: OAuth Token Introspection > Creation date: 2013-01-08 > WG ID: Individual Submission > Number of pages: 6 > URL: > http://www.ietf.org/internet-drafts/draft-richer-oauth-introspection-01.txt > Status: > http://datatracker.ietf.org/doc/draft-richer-oauth-introspection > Htmlized: > http://tools.ietf.org/html/draft-richer-oauth-introspection-01 > Diff: > http://www.ietf.org/rfcdiff?url2=draft-richer-oauth-introspection-01 > > Abstract: > This specification defines a method for a client or protected > resource to query an OAuth authorization server to determine meta- > information about an OAuth token. > > > > > > > The IETF Secretariat > > > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
