Hmm... perhaps the clue is in the draft title, token-exchange, so maybe it is a case of the given access token ("on_behalf_of" or "act_as" claim) being used to request a new security token. One can only guess though, it does not seem like the authors are keen to answer the newbie questions...

Cheers, Sergey


On 30/06/15 13:38, Sergey Beryozkin wrote:
Hi,
Can you please explain what is the difference between On-Behalf-Of
semantics described in the draft-ietf-oauth-token-exchange-01 and the
implicit On-Behalf-Of semantics a client OAuth2 token possesses?

For example, draft-ietf-oauth-token-exchange-01 mentions:

"Whereas, with on-behalf-of semantics, principal A still has its own
identity separate from B and it is explicitly understood that while B
may have delegated its rights to A, any actions taken are being taken by
A and not B. In a sense, A is an agent for B."

This is a typical case with the authorization code flow where a client
application acts on-behalf-of the user who authorized this application?

Sorry if I'm missing something

Cheers, Sergey

On 25/06/15 22:28, Mike Jones wrote:
That’s what
https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-01 is about.

Cheers,

-- Mike

From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Vivek Biswas -T (vibiswas - XORIANT CORPORATION at Cisco)
Sent: Thursday, June 25, 2015 2:20 PM
To: OAuth@ietf.org
Subject: [OAUTH-WG] JWT Token on-behalf of Use case

Hi All,

I am looking to solve a use-case similar to WS-Security On-Behalf-Of
<http://docs.oasis-open.org/ws-sx/ws-trust/v1.4/errata01/os/ws-trust-1.4-errata01-os-complete.html#_Toc325658980>
with OAuth JWT Token.

Is there a standard claim which we can define within the OAuth JWT
which denotes the On-behalf-of User?

For e.g., a Customer Representative trying to create token on behalf of
a customer and trying to execute services specific for that specific
customer.

Regards,

Vivek Biswas,
CISSP

Cisco Systems, Inc <http://www.cisco.com/>
Bldg. J, San Jose, USA,
Phone: +1 408 527 9176



_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


