In BlueButton+ REST, we defined a matrix of client types based on whether the client could keep a configuration-time secret (the "registration_jwt", predecessor to the "software_statement") and a particular kind of runtime secret (the client secret) in addition to the token. That matrix is defined here:
http://bluebuttontoolkit.healthit.gov/blue-button-plus-pull/ I've seen other attempts to categorize clients on similar lines: what can the client connect to, what can it keep secret, and from whom. -- Justin On Oct 2, 2014, at 4:19 PM, Lewis Adam-CAL022 <[email protected]<mailto:[email protected]>> wrote: Hi, 6749 defines three client profiles which are mapped to either confidential or public client types. Have any new client profiles since been defined? And is there a process or place to put those additional profiles? For example I’m thinking about additional confidential client types, maybe a legacy WS-* WSC accessing a WS-* WSP, and that WSP is acting as a confidential client to a RESTful RS. Just curious if further definitions are being collected anywhere. I’m not sure if it really matters, maybe confidential is confidential, regardless of if it’s a web server or a WS-* WSP, but since the spec went as far as to define the client profiles then maybe there is a place to define more. Tx! adam _______________________________________________ OAuth mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
