Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-30 Thread Thomas Broyer
-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item Decoding a token with a specific format wouldn't tell you whether the token is still live: it could have been revoked before its expiration. On 30 Jul 2014 02:16, Mike Jones michael.jo

Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-30 Thread Sergey Beryozkin
Hunt; Thomas Broyer *Cc:* oauth@ietf.org *Subject:* Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item We also have a use case where the AS is provided by a partner and the RS is provided by AOL. Being able to have a standardized way

Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-30 Thread Sergey Beryozkin
mailto:t.bro...@gmail.com] *Sent:* Tuesday, July 29, 2014 5:43 PM *To:* Mike Jones *Cc:* oauth@ietf.org; George Fletcher; Phil Hunt *Subject:* RE: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-30 Thread John Bradley
Token Introspection as an OAuth Working Group Item We also have a use case where the AS is provided by a partner and the RS is provided by AOL. Being able to have a standardized way of validating and getting data about the token from the AS would make our implementation much simpler as we

Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-30 Thread Sergey Beryozkin
] *On Behalf Of *George Fletcher *Sent:* Tuesday, July 29, 2014 3:25 PM *To:* Phil Hunt; Thomas Broyer *Cc:* oauth@ietf.org *Subject:* Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item We also have a use case where the AS is provided

Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-30 Thread John Bradley
[mailto:oauth-boun...@ietf.org] *On Behalf Of *George Fletcher *Sent:* Tuesday, July 29, 2014 3:25 PM *To:* Phil Hunt; Thomas Broyer *Cc:* oauth@ietf.org *Subject:* Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item We also have a use

Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-30 Thread Sergey Beryozkin
@ietf.org *Subject:* Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item We also have a use case where the AS is provided by a partner and the RS is provided by AOL. Being able to have a standardized way of validating and getting data about

Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-30 Thread George Fletcher
Actually, I view this in a much simpler way. In today's environment there is a tight coupling between AS and RS. Each deployment has to develop its own mechanism for dealing with understanding tokens (even if the AS and RS are in the same domain). The introspection spec solves probably 80+

Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-30 Thread George Fletcher
Broyer *Cc:* oauth@ietf.org *Subject:* Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item We also have a use case where the AS is provided by a partner and the RS is provided by AOL. Being able to have a standardized way of validating

Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-30 Thread George Fletcher
Of *George Fletcher *Sent:* Tuesday, July 29, 2014 3:25 PM *To:* Phil Hunt; Thomas Broyer *Cc:* oauth@ietf.org *Subject:* Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item We also have a use case where the AS is provided by a partner

Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-30 Thread John Bradley
: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item We also have a use case where the AS is provided by a partner and the RS is provided by AOL. Being able to have a standardized way of validating and getting data about the token from the AS would

Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-30 Thread Anthony Nadalin
...@gmail.com Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item No worries. Some of the people in the F2F piling on with discussion derailed Hannes' original question. during the IETF #90 OAuth WG

Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-30 Thread John Bradley
: John Bradley Sent: 7/30/2014 7:20 AM To: Sergey Beryozkin Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item No worries. Some of the people in the F2F piling on with discussion derailed Hannes

Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-30 Thread Brian Campbell
Beryozkin Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item No worries. Some of the people in the F2F piling on with discussion derailed Hannes' original question. during the IETF #90 OAuth WG meeting

Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-29 Thread George Fletcher
We also have a use case where the AS is provided by a partner and the RS is provided by AOL. Being able to have a standardized way of validating and getting data about the token from the AS would make our implementation much simpler as we can use the same mechanism for all Authorization

Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-29 Thread Mike Jones
. -- Mike From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of George Fletcher Sent: Tuesday, July 29, 2014 3:25 PM To: Phil Hunt; Thomas Broyer Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-29 Thread Thomas Broyer
] *On Behalf Of *George Fletcher *Sent:* Tuesday, July 29, 2014 3:25 PM *To:* Phil Hunt; Thomas Broyer *Cc:* oauth@ietf.org *Subject:* Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item We also have a use case where the AS is provided

Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-29 Thread Mike Jones
for Adoption of OAuth Token Introspection as an OAuth Working Group Item Decoding a token with a specific format wouldn't tell you whether the token is still live: it could have been revoked before its expiration. On 30 Jul 2014 02:16, Mike Jones michael.jo...@microsoft.com

Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-29 Thread Phil Hunt
Token Introspection as an OAuth Working Group Item We also have a use case where the AS is provided by a partner and the RS is provided by AOL. Being able to have a standardized way of validating and getting data about the token from the AS would make our implementation much simpler as we

Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-29 Thread Thomas Broyer
Broyer [mailto:t.bro...@gmail.com] *Sent:* Tuesday, July 29, 2014 5:43 PM *To:* Mike Jones *Cc:* oauth@ietf.org; George Fletcher; Phil Hunt *Subject:* RE: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item Decoding a token with a specific

Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-29 Thread Phil Hunt
] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item Decoding a token with a specific format wouldn't tell you whether the token is still live: it could have been revoked before its expiration. On 30 Jul 2014 02:16, Mike Jones michael.jo

Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-29 Thread Justin Richer
] *Sent:* Tuesday, July 29, 2014 5:43 PM *To:* Mike Jones *Cc:* oauth@ietf.org; George Fletcher; Phil Hunt *Subject:* RE: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item Decoding a token with a specific

Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-29 Thread Anthony Nadalin
to work on bearer tokens. From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Justin Richer Sent: Tuesday, July 29, 2014 6:08 PM To: Phil Hunt; Thomas Broyer Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-29 Thread Phil Hunt
for Adoption of OAuth Token Introspection as an OAuth Working Group Item Decoding a token with a specific format wouldn't tell you whether the token is still live: it could have been revoked before its expiration. On 30 Jul 2014 02:16, Mike Jones michael.jo...@microsoft.com wrote

Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-29 Thread Eve Maler
@ietf.org; George Fletcher; Phil Hunt Subject: RE: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item Decoding a token with a specific format wouldn't tell you whether the token is still live: it could have been revoked before its expiration

Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-29 Thread Tirumaleswar Reddy (tireddy)
Jones; Thomas Broyer Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item Not true if I revoke the token after it's been issued but before it expires. On 7/29/2014 8:49 PM, Mike Jones wrote: Yes, but that’s

[OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-28 Thread Hannes Tschofenig
Hi all, during the IETF #90 OAuth WG meeting, there was strong consensus in adopting the OAuth Token Introspection (draft-richer-oauth-introspection-06.txt) specification as an OAuth WG work item. We would now like to verify the outcome of this call for adoption on the OAuth WG mailing list.

Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-28 Thread Bill Mills
+1 adoption On Monday, July 28, 2014 11:41 AM, Hannes Tschofenig hannes.tschofe...@gmx.net wrote: Hi all, during the IETF #90 OAuth WG meeting, there was strong consensus in adopting the OAuth Token Introspection (draft-richer-oauth-introspection-06.txt) specification as an OAuth WG work

Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-28 Thread Thomas Broyer
Yes. This spec is of special interest to the platform we're building for http://www.oasis-eu.org/ On Mon, Jul 28, 2014 at 7:33 PM, Hannes Tschofenig hannes.tschofe...@gmx.net wrote: Hi all, during the IETF #90 OAuth WG meeting, there was strong consensus in adopting the OAuth Token

Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-28 Thread Phil Hunt
Could we have some discussion on the interop cases? Is it driven by scenarios where AS and resource are separate domains? Or may this be only of interest to specific protocols like UMA? From a technique principle, the draft is important and sound. I am just not there yet on the reasons for an

Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-28 Thread Justin Richer
It's analogous to JWT in many ways: when you've got the AS and the RS separated somehow (different box, different domain, even different software vendor) and you need to communicate a set of information about the approval delegation from the AS (who has the context to know about it) through to

Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-28 Thread Phil Hunt
That doesn’t explain the need for inter-operability. What you’ve described is what will be common practice. It’s a great open source technique, but that’s not a standard. JWT is much different. JWT is a foundational specification that describes the construction and parsing of JSON based

Re: [OAUTH-WG] Confirmation: Call for Adoption of OAuth Token Introspection as an OAuth Working Group Item

2014-07-28 Thread Justin Richer
I think this perspective has a lot to do with your idea of OAuth's deployment model. You're right in that many people bundle the RS and the AS very tightly, but that's not always the case, nor is it desirable. We're increasingly seeing cases where a group (often an enterprise) has their own AS on