[Idel-wg] OAuth2 certificate delegation

Paul Millar paul.millar at desy.de
Mon Sep 16 16:14:56 EDT 2013


Hi Jim,

Thanks for the contributions.

On 13/09/13 16:53, Basney, Jim wrote:
> Hi IDEL WG,
>
> Sorry I'll miss the Tuesday morning WG meeting, though I plan to remotely
> join the FedSec meeting later in the day if possible. In prior IDEL WG
> meetings I promised a draft spec on OAuth2 certificate delegation in
> MyProxy. I invite your comments on our v0.1 draft:
>
> http://redmine.ogf.org/dmsf_files/13113 - Word version
> http://goo.gl/VnMKXS - public Google Doc version
> http://goo.gl/T6VOty - editable Google Doc (contact me for edit access)
>
> It uses the OpenID Connect UserInfo endpoint to deliver information about
> the certificate subject and defines a GetCert endpoint for obtaining the
> certificate, using the OAuth authorization code flow supporting refresh
> tokens.
>
> It's a work in progress. We haven't released any code that implements it
> yet. Ideally it can be generalized to not be so MyProxy-focused. I think
> others are already doing something similar, so I'm curious to learn how it
> compares to other approaches.

I'm actually in the process of putting together a MyProxy-OAuth 
implementation.  It's early days (esp. as I'm being distracted with 
talks at conferences and the like).

I'll be poring over the documents as a very interested party.

Cheers,

Paul.
