Okay. I will capture this in a GitHub issue. I made a branch for edits that start to take care of all these "public comment period" era issues that are editorial and seem uncontroversial. *Eve Maler*Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl On Tue, Jul 11, 2017 at 4:53 AM, Justin Richer <jricher@mit.edu> wrote:
This is a good point, might as well spell it out.
--Justin
*Sent from my phone*
-------- Original message -------- From: James Phillpotts <james.phillpotts@forgerock.com> Date: 7/11/17 3:57 AM (GMT-05:00) To: Eve Maler <eve@xmlgrrl.com> Cc: "wg-uma@kantarainitiative.org UMA" <wg-uma@kantarainitiative.org> Subject: Re: [WG-UMA] Minor comment
Only in that in UMA 1.0 the token type hint was *not* access_token.
J.
On 11 July 2017 at 02:14, Eve Maler <eve@xmlgrrl.com> wrote:
Since both PATs and RPTs are already formally defined, and function, as OAuth access tokens, I wonder if it's necessary to spell this requirement out. (The protection API is just about introspecting the RPT.)
Eve Maler (sent from my iPad) | cell +1 425 345 6756 <(425)%20345-6756>
On Jul 10, 2017, at 6:44 AM, James Phillpotts < james.phillpotts@forgerock.com> wrote:
Hi all,
In https://docs.kantarainitiative.org/uma/wg/oauth-uma- federated-authz-2.0-05.html#token-introspection given we just talk about RPTs and PATs, should we specify that the token_type_hint (if used) should be set to access_token?
ref: https://tools.ietf.org/html/rfc7662#section-2.1 and https://tools.ietf.org/html/rfc7009#section-4.1.2.2
Cheers James
_______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/wg-uma