Two points:
1/ I agree that it can be onerous for clients to host web pages. It's not a
matter of expense but of complexity.
BUT
2/ As we discussed previously in our in-person meeting, this should be handled
by a different endpoint, and not be the responsibility for the provider. If
Google
One more question - is the title technique used in production? I think you'd
mentioned that it was ... if so, can you point me to the docs where it's
currently used?
On Jun 22, 2010, at 11:00 PM, Luke Shepard wrote:
Two points:
1/ I agree that it can be onerous for clients to host web
On 2010-06-22, at 11:07 PM, Tschofenig, Hannes (NSN - FI/Espoo) wrote:
scope
OPTIONAL. The scope of the access request expressed as a list
of space-delimited strings. The value of the scope parameter
is defined by the authorization server. If the value contains
I've been noodling [1] a lot about full delegation in OAuth [2] and one of the
issues that came out of that was the need for discovering both the location and
realm of an endpoint's token server. But at least for my use cases (which
consist of walking up to a service and making an options
I think the core work is pretty stable now, unlike the discovery bits which
(while simple) are not enjoying the same level of consensus. I think it is much
more practical to propose them as a separate document and perhaps consider
merging them later on when they reach an equal level of
No objections on my part. I would rather have a smaller core spec with features
that everyone agrees on.
BTW, a thought for the discovery draft - RFC 2616/2617 only defines
www-authenticate's semantics in the context of a 401. It's unclear from the
draft what it would mean to return a
Thanks Hannes. Great list of to-do items for the WG :)
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
Of Tschofenig, Hannes (NSN - FI/Espoo)
Sent: Wednesday, June 23, 2010 2:08 AM
This is probably the most important item were people will
Hi Yaron,
I think delegation is a great idea/feature that should be added or OAuth (as I
suggested in the kerberos-oauth draft). In the Kerberos world, it has been a
very important feature (a life saver).
In your example, when Yochi wants to terminate the delegation she gave to Leon,
how