The intended scope is to provide a transactional model for doing authorization delegation, not for authenticating a transaction itself. I can understand the confusion! Naming things is hard.
— Justin > On Oct 28, 2019, at 1:55 PM, Kyle Rose <[email protected]> wrote: > > On Mon, Oct 28, 2019 at 11:39 AM Dick Hardt <[email protected] > <mailto:[email protected]>> wrote: > Hey OAuthers > > As chair of the Tx BOF coming up in Singapore on Nov 18 @ 5:30-7:30PM Monday > Afternoon, I'm gathering who would be interested in making presentations, and > how much time you would like. > > Is this BoF limited to authorization, or would something like end-to-end > authentication of transaction request/response via a less trusted > intermediary (e.g., an API gateway or CDN) for purposes of limiting > transitive trust be in scope? I'm thinking of something akin to OSCORE-style > transactions, but more general (e.g., not specific to constrained computing > environments, not forcing the use of CBOR). > > Thanks, > Kyle > -- > Txauth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/txauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
