Hi Grant,
IMHO the main reason why the OAuth specification does not standardize OAuth
usage specially for SOAP is because most people by now realized that SOAP, as
another layer of encapsulation, does not add a lot of value.
Ciao
Hannes
On Mar 19, 2012, at 6:15 AM, Grant Yang wrote:
Thank
Hi guys,
In the above mentioned draft, the example on chapter 1.1 shows a timestamp
as date long, like:
GET /resource/1?b=1a=2 HTTP/1.1
Host: example.com
Authorization: MAC id=h480djs93hd8,
*ts=1336363200*,
nonce=dj83hs9s,
mac=bhCQXTVyfj5cmA9uKkPFx1zeOXM=
In chapter 3.2.1, it states:
using
There's going to be a lot of mixed environments for some time. Particularly an
issue at the boundaries between classic soap services and new restful services.
Phil
On 2012-03-19, at 0:05, Hannes Tschofenig hannes.tschofe...@gmx.net wrote:
Hi Grant,
IMHO the main reason why the OAuth
mixed REST SOAP environments dont necessarily require using OAuth
tokens directly in SOAP headers - you can exchange the token for an
equivalent SAML assertion (for which we already have a profile
stipulating how to use in SOAP headers)
We see alot of this - people leveraging existing SOAP
On 15 March 2012 17:31, Zeltsan, Zachary (Zachary)
zachary.zelt...@alcatel-lucent.com wrote:
... Considering OpenID Connect as a motivating use case for OAuth, SWD is
the one spec that would then be missing for this OAuth use case.
I worry that bringing OpenID Connect into OAuth (rather than
There is not intention to bring the openID Connect work to the OAuth WG.
It like many other protocols rely on OAuth 2.0 but are not part of it.
However if there are some things that we are doing as OAuth 2.0 extensions
that are more general and can be standardized in the IETF, we should
I would support those features of connect that are more general being part of
the general spec family under the WG.
Phil
On 2012-03-19, at 9:31, John Bradley ve7...@ve7jtb.com wrote:
There is not intention to bring the openID Connect work to the OAuth WG.
It like many other protocols rely
JWT and SWD are the highest priority to find a home.
We are doing token introspection and dynamic registration.
Those are larger tasks to generalize, though probably worthwhile.
John B.
On 2012-03-19, at 2:30 PM, Phil Hunt wrote:
I would support those features of connect that are more
Phil is right! I observe the same thing: the frond-end is RESTful; the
back-end is mixed. Personally, I think it would be good for OAuth to be
deployed as wide as possible. (The SAML/OAuth ideas I think are
working the same problem.)
Igor
On 3/19/2012 9:23 AM, Phil Hunt wrote:
There's