Dear Torsten, I was impressed with your article. It describes considerations points very well that implementers of leading-edge authorization servers will eventually face or have already faced.
It seems to me that the mechanism of "structured_scope" can be positioned as a more generic mechanism whose usage doesn't necessarily have to be limited to scopes. I mean that the mechanism can be used to include any arbitrary dynamic structured data in an authorization request. So, if there were something I might be able to propose additionally, I would suggest renaming "structured_scope" to a more generic name. Best Regards, Takahiko Kawasaki Representative director, Authlete, Inc. 2019年4月21日(日) 3:21 Torsten Lodderstedt <[email protected]>: > Hi all, > > I just published an article about the subject at: > https://medium.com/oauth-2/transaction-authorization-or-why-we-need-to-re-think-oauth-scopes-2326e2038948 > > > I look forward to getting your feedback. > > kind regards, > Torsten. > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth >
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
