Hi Torsten, thank you for writing this clarifying article :)

In the health sector in Norway we are facing similar challenges regarding
the need for contextual information.
At this time, our planned solution is to package this information as custom
claims in request objects - e.g.: “helse:client/claims/xxxx”, but after
reading your article I realize that the structured scope approach makes a
lot more sense and, as you stated in the article, pushing the request
objects mitigates the issues with request size and complexity on the client
side.
In our case we may also have a requirement to encrypt the pushed request
object due to potentially sensitive content.

- Steinar


On Sat, 20 Apr 2019 at 20:21, Torsten Lodderstedt <
[email protected]> wrote:

> Hi all,
>
> I just published an article about the subject at:
> https://medium.com/oauth-2/transaction-authorization-or-why-we-need-to-re-think-oauth-scopes-2326e2038948
>
>
> I look forward to getting your feedback.
>
> kind regards,
> Torsten.
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
>
-- 
Kind regards

Steinar Noem
Partner Udelt AS
System developer

| [email protected] | [email protected]  | +47 955 21 620 | www.udelt.no |