Re: [OAUTH-WG] resource server id needed?

Marius Scurtescu <mscurtescu@google.com> Thu, 15 July 2010 18:15 UTC

DomainKey-Signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns; h=mime-version:in-reply-to:references:from:date:message-id: subject:to:cc:content-type:x-system-of-record; b=oSqOHTfS9KagCa/62WmlIFs8Zd/yMEKwEfLBR36OxOqRlZiyeI+6ZQdSQnKXv1/en UijNSkYXbQTQfhU4FBlzA==
MIME-Version: 1.0
In-Reply-To: <4C3F3F6A.5000409@lodderstedt.net>
References: <C8645B85.372D8%eran@hueniverse.com> <4C3F3F6A.5000409@lodderstedt.net>
From: Marius Scurtescu <mscurtescu@google.com>
Date: Thu, 15 Jul 2010 11:14:55 -0700
Message-ID: <AANLkTinIjg7MIBmEIUzV9_Uo3MDb0nXvYXJcXNeLTUCe@mail.gmail.com>
To: Torsten Lodderstedt <torsten@lodderstedt.net>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] resource server id needed?
Precedence: list

On Thu, Jul 15, 2010 at 10:03 AM, Torsten Lodderstedt
<torsten@lodderstedt.net> wrote:
> As I have written in my reply to Marius's posting. I'm fine with including
> server ids in scopes. But this requires a definition of the scope's syntax
> and semantics in the spec. Otherwise, scope interpretation (and server
> identification) will be deployment specific.

Sure, it is deployment specific, but why is that an issue?

In your case, the authz server and all the resource servers are
managed by the same organization, right?

Do clients need to be aware of the actual resource server?

You can probably create a separate spec that defines scope syntax for
this purpose, if really needed. Does it have to be in core?

Marius

[OAUTH-WG] resource server id needed? Torsten Lodderstedt
Re: [OAUTH-WG] resource server id needed? Marius Scurtescu
Re: [OAUTH-WG] resource server id needed? Eran Hammer-Lahav
Re: [OAUTH-WG] resource server id needed? Torsten Lodderstedt
Re: [OAUTH-WG] resource server id needed? Ivan Pulleyn
Re: [OAUTH-WG] resource server id needed? Luke Shepard
Re: [OAUTH-WG] resource server id needed? William Mills
Re: [OAUTH-WG] resource server id needed? William Mills
Re: [OAUTH-WG] resource server id needed? Torsten Lodderstedt
Re: [OAUTH-WG] resource server id needed? Eran Hammer-Lahav
Re: [OAUTH-WG] resource server id needed? Torsten Lodderstedt
Re: [OAUTH-WG] resource server id needed? Ivan Pulleyn
Re: [OAUTH-WG] resource server id needed? Marius Scurtescu
Re: [OAUTH-WG] resource server id needed? Torsten Lodderstedt
Re: [OAUTH-WG] resource server id needed? Wolfgang.Steigerwald
Re: [OAUTH-WG] resource server id needed? Brian Eaton
Re: [OAUTH-WG] resource server id needed? Torsten Lodderstedt
Re: [OAUTH-WG] resource server id needed? Brian Eaton
Re: [OAUTH-WG] resource server id needed? Torsten Lodderstedt
Re: [OAUTH-WG] resource server id needed? Torsten Lodderstedt
Re: [OAUTH-WG] resource server id needed? David Recordon
Re: [OAUTH-WG] resource server id needed? Andrew Arnott
Re: [OAUTH-WG] resource server id needed? Torsten Lodderstedt
Re: [OAUTH-WG] resource server id needed? Eve Maler
Re: [OAUTH-WG] resource server id needed? Torsten Lodderstedt
Re: [OAUTH-WG] resource server id needed? Eve Maler
Re: [OAUTH-WG] resource server id needed? Torsten Lodderstedt
Re: [OAUTH-WG] resource server id needed? Eve Maler