Re: [OAUTH-WG] Token Exchange Implementations

Bill Burke <bburke@redhat.com> Mon, 27 November 2017 17:18 UTC

To: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Cc: oauth <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/Oo9OdgtkMagLQ8AEqKpd_mQ5Evo>

Red Hat has a partial implementation of this within the Keycloak project:

http://www.keycloak.org/docs/latest/securing_apps/index.html#_token-exchange

Been meaning to discuss this with this list as we added extensions to
better support external token exchange, specifically "subject_issuer"
and "requested_issuer" parameters.  We also did not add support for
actor tokens as we have not yet gotten requests for this level of
complexity.


On Thu, Nov 23, 2017 at 11:17 AM, Rifaat Shekh-Yusef
<rifaat.ietf@gmail.com> wrote:
> All,
>
> As part of the write-up for the Token Exchange document, we are looking for
> information about implementation for this document.
>
> We are aware of 3 implementations for this document by: Salesforce,
> Microsoft, and Box.
>
> Are people aware of any other implementation?
>
> Regards,
>  Rifaat



-- 
Bill Burke
Red Hat