Re: [OAUTH-WG] IIW and OAuth

2012-04-18 Thread Torsten Lodderstedt
I will be there until Thursday evening, so I would prefer Tuesday or Wednesday evening. regards, Torsten. On 16.04.2012 13:55, Hannes Tschofenig wrote: Hi guys, I was wondering how many of you will be at the upcoming IIW in Mountain View (or for some other event). IIW will run from

Re: [OAUTH-WG] Dynamic Client Registration

2012-04-18 Thread Torsten Lodderstedt
Hi Eran, why do you see a relationship between dynamic client registration and discovery? Basically, we don't care so far how a client finds tokens and end-user authorization point. Why is this any different for the client registration endpoint (or the revocation endpoint)? Or do you have a

Re: [OAUTH-WG] Dynamic Client Registration

2012-04-18 Thread Eran Hammer
Because it is in the draft the WG is supposed to consider. It's a stated dependency. EH -Original Message- From: Torsten Lodderstedt [mailto:tors...@lodderstedt.net] Sent: Wednesday, April 18, 2012 12:50 PM To: Eran Hammer Cc: Hannes Tschofenig; oauth@ietf.org WG Subject: Re:

Re: [OAUTH-WG] Updated Charter to the IESG (this weekend)

2012-04-18 Thread Torsten Lodderstedt
Hi all, is there enough experience in the field with such an interface to standardize it? I would expect such an endpoint to return the same payload, which is carried in a JSON Web Token. So once we designed the JSON Web Tokens content, designing the AS-PR interface could be the next

Re: [OAUTH-WG] Dynamic Client Registration

2012-04-18 Thread Torsten Lodderstedt
Hi Eran, thanks for pointing this out. I took a quick look at the document. Seems the I-D combines registration and discovery. I think both should be kept separate. So I would suggest to remove section 5 and the dependency is gone. regards, Torsten. On 18.04.2012 21:51, Eran Hammer wrote:

Re: [OAUTH-WG] Dynamic Client Registration

2012-04-18 Thread Justin Richer
So it's a known issue. I think that's an artificial reason to leave it and a reasonable section to be cut out first. -- Justin On 04/18/2012 03:51 PM, Eran Hammer wrote: Because it is in the draft the WG is supposed to consider. It's a stated dependency. EH -Original Message-

Re: [OAUTH-WG] Updated Charter to the IESG (this weekend)

2012-04-18 Thread Justin Richer
Not all implementations in the field that do this are using JWTs as the tokens. Ours in particular used a random blob with no structured information in it. The endpoint returned a JSON object. -- Justin On 04/18/2012 03:53 PM, Torsten Lodderstedt wrote: Hi all, is there enough experience

Re: [OAUTH-WG] Dynamic Client Registration

2012-04-18 Thread Eran Hammer
WFM. An updated I-D without it would be great. EH -Original Message- From: Torsten Lodderstedt [mailto:tors...@lodderstedt.net] Sent: Wednesday, April 18, 2012 12:57 PM To: Eran Hammer Cc: Hannes Tschofenig; oauth@ietf.org WG Subject: Re: [OAUTH-WG] Dynamic Client Registration

Re: [OAUTH-WG] Updated Charter to the IESG (this weekend)

2012-04-18 Thread Torsten Lodderstedt
Hi Justin, I referred to the data format used at the AS-PR interface. According to your description, you use JSON objects there. What data does such an object contain? Is this any different from a JSON Web Token (leaving aside digital signatures and encryption)? regards, Torsten. Am

Re: [OAUTH-WG] Dynamic Client Registration

2012-04-18 Thread Igor Faynberg
+1 for keeping registration and discovery separate. (As is typical, Torsten had beaten me to saying just what I was thinking about and preparing to say. The only consolation is that he expressed it better than I would have.) Igor On 4/18/2012 3:56 PM, Torsten Lodderstedt wrote: Hi

Re: [OAUTH-WG] Updated Charter to the IESG (this weekend)

2012-04-18 Thread Justin Richer
I think we might be crossing wires about input to the token introspection endpoint vs. output from it. In OpenID Connect, you send a JWT in, and get back a JSON object that represents the Claims bit of the JWT. In our implementation (and I think both Ping and AOL's), you send in an