[Idel-wg] Mike Jones: Working Group Draft for OAuth 2.0 Act-As and On-Behalf-Of

Paul Millar paul.millar at desy.de
Mon Aug 25 09:49:56 EDT 2014


Hi Alan,

On 25/08/14 07:13, Sill, Alan wrote:
> Thought you would be interested in the following link, from the blog
> of Mike Jones of Microsoft.
>
> Topic: There's now an OAuth working group draft of the OAuth 2.0
> Token Exchange specification, which provides Act-As and On-Behalf-Of
> functionality for OAuth 2.0. This functionality is deliberately
> modelled on the same functionality present in WS-Trust.

Interesting, although (to me) a little odd: OAuth is already about 
delegation, so providing a delegation framework within a delegation 
framework seems redundant.

Another odd point is that the RP needs to know (a priori) the identity 
it wishes which, in general, it doesn't (cf. OpenID Connect).

So, the use-case seems to be RP needs a credential (X.509, Kerberos, 
...) to communicate with some server that doesn't support OAuth but 
trusts the server issuing the credential --- perhaps for legacy services 
or ones that don't provide a web front-end?

Anyhow, thanks for the pointer.

Cheers,

Paul.

