Should the act and may_act also be registered for Introspection Endpoint
responses?

On Fri, Mar 4, 2016 at 21:13, Brian Campbell <[email protected]> wrote:

>
> A new draft of "OAuth 2.0 Token Exchange" has been published addressing
> review comments on the prior draft. The changes from -03 are listed here:
>
> https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-04
>
>    o  Clarified that the "resource" and "audience" request parameters
>       can be used at the same time (via
>       http://www.ietf.org/mail-archive/web/oauth/current/msg15335.html).
>    o  Clarified subject/actor token validity after token exchange and
>       explained a bit more about the recommendation to not issue refresh
>       tokens (via
>       http://www.ietf.org/mail-archive/web/oauth/current/msg15318.html).
>    o  Updated the examples appendix to use an issuer value that doesn't
>       imply that the client issued and signed the tokens and used
>       "Bearer" and "urn:ietf:params:oauth:token-type:access_token" in
>       one of the responses (via
>       http://www.ietf.org/mail-archive/web/oauth/current/msg15335.html).
>    o  Defined and registered urn:ietf:params:oauth:token-type:id_token,
>       since some use cases perform token exchanges for ID Tokens and no
>
>
>
> ---------- Forwarded message ----------
> From: <[email protected]>
> Date: Fri, Mar 4, 2016 at 12:57 PM
> Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-token-exchange-04.txt
> To: [email protected]
> Cc: [email protected]
>
>
>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Web Authorization Protocol of the IETF.
>
>         Title           : OAuth 2.0 Token Exchange: An STS for the REST of Us
>         Authors         : Michael B. Jones
>                           Anthony Nadalin
>                           Brian Campbell
>                           John Bradley
>                           Chuck Mortimore
>         Filename        : draft-ietf-oauth-token-exchange-04.txt
>         Pages           : 28
>         Date            : 2016-03-04
>
> Abstract:
>    This specification defines a protocol for a lightweight HTTP- and
>    JSON- based Security Token Service (STS) by defining how to request
>    and obtain security tokens from OAuth 2.0 authorization servers,
>    including security tokens employing impersonation and delegation.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-token-exchange/
>
> There's also a htmlized version available at:
> https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-04
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-token-exchange-04
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
>