Hi Brian!
Thanks for this background and explanation. There was history here I didn’t
know.
With the benefit of this thread and private exchanges, the key takeaways for me
are:
** the definition of 'resource' for 'token exchange' is identical in both
drafts (draft-ietf-oauth-resource-indicat
ected resource can
be used by any one of those protected resources to access any of the other
protected resources."
Yeah, as you surmised, there is some history behind this. Basically
draft-ietf-oauth-token-exchange predates
draft-ietf-oauth-resource-indicators by a good long time (years) and with
the hope and expectation that draft-ietf-oauth-token-exchange would move to
RFC, I've avoided having a reference in
Hi Brian!
From: Brian Campbell [mailto:bcampb...@pingidentity.com]
Sent: Wednesday, July 17, 2019 4:35 PM
To: Roman Danyliw
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] AD Review: draft-ietf-oauth-resource-indicators-02
Thank you, Roman, for the review. Some replies are inline below. I'll aim to
Hi!
I forgot one more thing about this draft after re-reading
draft-ietf-oauth-token-exchange.
Per the IANA action in Section 4.1, I need help understanding the thinking
to resolve this TODO:
o Parameter usage location: authorization request, token request
[[TODO: draft-ietf-oauth
Thank you, Roman, for the review. Some replies are inline below. I'll aim
to push out a -03 addressing this stuff sometime not too long after the I-D
submission embargo is lifted next week.
On Tue, Jul 16, 2019 at 5:23 PM Roman Danyliw wrote:
> Hi!
>
> The following is my AD review of draft-iet
I’d be interested in hearing that presentation – particularly the “lessons”
part.
-- Mike
From: OAuth On Behalf Of Richard Backman, Annabelle
Sent: Wednesday, July 17, 2019 11:28 AM
To: Dick Hardt ; Rifaat Shekh-Yusef
Cc: oauth
Subject:
Hi!
The following is my AD review of
draft-ietf-oauth-jwt-introspection-response-03.
(1) Section 4. Per introspection_encrypted_response_alg, how is either signing
or encryption being requested? Is it by also including an
introspection_signed_response_alg? If that's the case, it is worth e