oidc-survey - Fwd: Re: [mitreid-connect] token chaining ....
Subject: OIDC Survey Working Group
List archive
- From: Steven Carmody <>
- To:
- Subject: Fwd: Re: [mitreid-connect] token chaining ....
- Date: Thu, 12 Jan 2017 09:58:44 -0500
- Ironport-phdr: 9a23:Ll7otRAt7QgeIk7qRGFhUyQJP3N1i/DPJgcQr6AfoPdwSPX7pMbcNUDSrc9gkEXOFd2CrakV16yN6+u/ACQp2tWoiDg6aptCVhsI2409vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFRrhKAF7Ovr6GpLIj8Swyuu+54Dfbx9GiTe5br5+Nhu7oRneusQUnIdpN7o8xAbOrnZUYepd2HlmJUiUnxby58ew+IBs/iFNsP8/9MBOTLv3cb0gQbNXEDopPWY15Nb2tRbYVguA+mEcUmQNnRVWBQXO8Qz3UY3wsiv+sep9xTWaMMjrRr06RTiu86FmQwLuhSwaNTA27XvXh9RwgqxGrhKvuR9xzYDab46aNvVxYqzTcMgGRWdCRMtdSzBND42+YoYJEuEPPfxYr474p1YWsBW+GRejBP3xxT9Om3T7w7c10/4kEQHBwQMhH88FvXPPrNXpKqgST/66zK/QwjrfdfxWwzL96I/VfREhuvyDRqhwcc3fyEkpDQ/KkEifqZH8Mj6Ty+8DvW+b7+96WuKujW4qswBxrSazxscikIXJgZgVyl/c+SV8wYY1Oce0R1Bmbt65FpZbqiKUN5NuT888QmxkpCQ3x7gIuZO4ZycG1JEqyhHDZ/CbboeF5w7sWPqMLjp9gX9pZqyziAyq/US91OHxVdO43EtFoydGiNXAqH4A2wLJ5sWGTPZ2412v1iyV1w/J7+FJOUA0mrTfK54m2rMwk4AcsUXHHiPvgUX2kLOaelwr++S29ejoeK/qppCbN49zhQH+NrohltajDuQ/NwgCR2mb+eKi273/5UD1XrRHguE0n6TcvpDXJt8UqrK8DgJazoov9wuwAjK639gEgHYKKVdIdAyZg4fzI13OJer3Dfa7g1SiijdrwPXGM6X6ApXRMHfDjqnufbBl5EFA0gUz19Vf55VJBbABO//8QVXxtNvWDx8/KQC73fvoCMhl2oMERW2PGrOZML/VsVKQ5+IvJfWDZIgQuDb4LPgl4eTijXgjmV8SZKWp2poXZ22kEfh/OEWZfGDsgskfHmYKpQc+SO3qiEaeUT5IeXq+RaM85jcnCI24F4fDQJ6igKCf0CuhAJJZe31GWRiwFiLvdomPHuwRcjyfM+dglDcDUL2mTckmzx79mhX9zu9cMufK9ytQnpv50d959qWHjg0/6zFyOM+UyWSKQ3BclHkPWDlw0axi9x8ugmyf2LR11qQLXedY4OlEB183
Hi,
we were chatting about this sort of functionality on last friday's call ..... interesting
The MITRED OIDC/OAuth2 implementation is a very popular open source implementation. Justin seems to be the primary implementer.
The first rfc says in its abstract:
> This document provides a method for a resource server to present a
> token that it has received from a client back to its authorization
> server for the purposes of receiving a derivative token for use on
> another resource server in order to chain together service requests.
That's what I'm looking for. But, that info rfc is long expired.
The second rfc is authored by the usual set of OAuth2 suspects, including Mike Jones, Tony Nadalin, John Bradley, etc. It re-introduces our old friend the STS from the WS protocols:
> This specification defines a protocol for an HTTP- and JSON- based
> Security Token Service (STS) by defining how to request and obtain
> security tokens from OAuth 2.0 authorization servers, including
> security tokens employing impersonation and delegation.
The second rfc is active, tho.
-------- Forwarded Message --------
Subject: Re: [mitreid-connect] token chaining ....
Date: Tue, 10 Jan 2017 14:03:17 -0500
From: Justin Richer
<>
To: Steven Carmody
<>
CC:
MITREid Connect currently implements this expired draft for token chaining:
https://tools.ietf.org/html/draft-richer-oauth-chain-00
The OAuth Working Group is currently working on something with similar (but much more complicated) functionality:
https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-06
Nothing is published as an RFC yet.
— Justin
On Jan 9, 2017, at 3:18 PM, Steven Carmody
<>
wrote:
Hi,
The MITRED documentation says that it supports token chaining -- but I'm
having trouble finding a current rfc that describes this
protocol/profile .... is there one ? Is there a description of what the
package supports for token chaining, and an example of how to use it ?
thanks !
_______________________________________________
mitreid-connect mailing list
http://mailman.mit.edu/mailman/listinfo/mitreid-connect
- Fwd: Re: [mitreid-connect] token chaining ...., Steven Carmody, 01/12/2017
- Re: Fwd: Re: [mitreid-connect] token chaining ...., David Walker, 01/12/2017
Archive powered by MHonArc 2.6.19.