Phil,
I thoroughly enjoy working with you whenever I can, and I really liked
your work on SCIM, but from the perspective of the web developers I work
with, I have a few concerns about what you wrote:
1. Developer experience and usability of the standards
You keep mentioning that web develope
Rather surprised (and pleased) to see a reference to the UAA here, but I
would like to make a quick clarification.
Justin, I think we concluded that what the UAA is doing is static client
registration via SCIM extensions, not dynamic client registrations. The
UAA has been serving OAuth2 and SC
comments inline:
On 12/18/2012 02:14 PM, John Bradley wrote:
We probably also need to consider this in light of people like Google
already adding new JWT claims to specify a secondary audience, though
there 'cid' Client ID claim is more about who requested the token.
In our implementation we
