+1 Phil
> On Nov 3, 2014, at 16:07, Bill Mills <[email protected]> wrote: > > We need to think about this, and whatever we build in this space should work > for POP tokens as well. I'd love to hear the concrete use cases and problems > to be solved. > > > > POP tokens (like OAuth 1.0a) are likely not to be proxyable, so the edge > servers really should have a way to get a new credential for accessing other > services on behalf of the user. > > > > Another major consideration is that auth servers are frequently not scaled to > handle the full edge transaction load, that's part of the point of issuing a > longer lived credential by a server that's already done all the expensive > policy and DB checks. > > > > I'm not a big fan of a token exchange through the auth server for that > reason, as well as the added cost incurred for the network round trips that's > being built in. > > > > -bill > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
