[Idel-wg] Mike Jones: Working Group Draft for OAuth 2.0 Act-As and On-Behalf-Of

jens.jensen at stfc.ac.uk jens.jensen at stfc.ac.uk
Mon Aug 25 14:04:17 EDT 2014


Yes, if we can get the activity (re)started by OGF42, that'd be great. As I remember WS-Trust, the advantage was you could build stuff like WS-Federation and support for SOAP, so a different use case from OAuth2. Also, OAuth does have some, er, features which can be troublesome in certain environments.

See you in London, I hope.

Cheers
--jens

________________________________________
From: Sill, Alan [alan.sill at ttu.edu]
Sent: 25 August 2014 18:47
To: Paul Millar
Cc: idel-wg at ogf.org; Sill, Alan
Subject: Re: [Idel-wg] Mike Jones: Working Group Draft for OAuth 2.0 Act-As and On-Behalf-Of

Thanks, Paul. It was just for information.

Separately but along similar lines, there has been a document in the pipeline for more than a year now that Jim Basney wrote and submitted for comments from this group that could use some action:

http://redmine.ogf.org/dmsf_files/13113 - Word version

http://goo.gl/VnMKXS - public Google Doc version

http://goo.gl/T6VOty - editable Google Doc (contact Jim for edit access)

You were the only person to reply back then - http://www.ogf.org/pipermail/idel-wg/2013-September/000012.html - but I have seen no activity on this since then, and Jim brought this up at the BoF on Identity Management Technologies that we held during the OGF 41 sessions at XSEDE 2014 in July.

Can we get a little more activity on reading, reviewing and discussing the various use cases and Jim’s draft?

Separately even from this, you may have noticed that OGF Redmine supports old-style OpenID logins via a variety of social media, and we would like to develop some more sophisticated capabilities soon too, for example the ability to integrate or at least synchronize our repositories with GitHub via OpenID Connect. So we are more than just interested bystanders and working group hosts on this issue.

In any case, please do read the above links and be prepared to participate in or forward your thoughts for discussion on the email lists and/or at OGF 43 in London.

Thanks,
Alan

On Aug 25, 2014, at 8:49 AM, Paul Millar <paul.millar at desy.de> wrote:

> Hi Alan,
>
> On 25/08/14 07:13, Sill, Alan wrote:
>> Thought you would be interested in the following link, from the blog
>> of Mike Jones of Microsoft.
>>
>> Topic: There's now an OAuth working group draft of the OAuth 2.0
>> Token Exchange specification, which provides Act-As and On-Behalf-Of
>> functionality for OAuth 2.0. This functionality is deliberately
>> modelled on the same functionality present in WS-Trust.
>
> Interesting, although (to me) a little odd: OAuth is already about delegation, so providing a delegation framework within a delegation framework seems redundant.
>
> Another odd point is that the RP needs to know (a priori) the identity it wishes which, in general, it doesn't (c.f. OpenID Connect).
>
> So, the use-case seems to be RP needs a credential (X.509, Kerberos, ...) to communicate with some server that doesn't support OAuth but trusts the server issuing the credential --- perhaps for legacy services or ones that don't provide a web front-end?
>
> Anyhow, thanks for the pointer.
>
> Cheers,
>
> Paul.
> _______________________________________________
> Idel-wg mailing list
> Idel-wg at ogf.org
> https://www.ogf.org/mailman/listinfo/idel-wg
