[Openid-specs-authzen] OAuth Authorization Patterns draft

Omri Gazitt omri at aserto.com
Tue Dec 19 00:41:42 UTC 2023


Thanks Rifaat... I added some of my comments. I may have misunderstood the
purpose of the document; I took it to be a description of the authorization
patterns we'd like to support / promote. If that's the intent, I feel like
the current description is very OAuth / token-centric. Most of the
implementations of authorization systems in the wild treat the
authentication ceremony as upstream / out-of-scope, and assume the result
of the authN ceremony is a signed access token that can be used to identify
the subject.

The "AS" in OAuth2 is functionally a different component from the
authorizer in externalized authorization architectures (at least the ones I
know of).

If we want to describe the state of the world more accurately, I think we
would make this clear in the document and its various scenarios.


On Mon, Dec 18, 2023 at 1:13 PM Rifaat Shekh-Yusef via Openid-specs-authzen
<openid-specs-authzen at lists.openid.net> wrote:

> Resending the email, after it bounced back initially.
>
>
> On Mon, Dec 18, 2023 at 3:15 PM Rifaat Shekh-Yusef <
> rifaat.s.ietf at gmail.com> wrote:
>
>> All,
>>
>> Eve and I have started working on the following document that describes
>> the OAuth Authorization Patterns and various aspects of these patterns.
>> OAuth Authorization Patterns - Google Docs
>> <https://docs.google.com/document/d/1UtkBdabXhNvps-29lhfldwGxMkv8OSwSE2zbAidEH_g/edit>
>>
>> This is still a work-in-progress document, but we would like to share it
>> with the WG and maybe discuss it tomorrow during our weekly meeting.
>>
>> Please, take a look and let us know what you think. Feel free to add
>> comments to the document.
>>
>> Regards,
>>  Rifaat
>>
>> --
> Openid-specs-authzen mailing list
> Openid-specs-authzen at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-authzen
>