Obviously it's very late to be thinking about any changes at all. It was almost an idle query on my part. If we conclude there's something broken or super-non-optimal about the current design, though, better to think about it just before closing the spec than just after.

The only other structure we have that's anything like it is, perhaps, the permission request, when it can contain multiple permissions.


Eve Maler
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl


On Mon, Jul 24, 2017 at 8:04 AM, James Phillpotts <james.phillpotts@forgerock.com> wrote:
Hi all,

Eve sent me an email off-list last night asking "Are we going to be sorry we don't have a named object for a single permission?" With clarification this morning, it turns out she was talking about the token introspection endpoint :)

You'll remember the response currently looks like:

{  
   "active":true,
   "exp":1256953732,
   "iat":1256912345,
   "permissions":[  
      {  
         "resource_id":"112210f47de98100",
         "resource_scopes":[  
            "view",
            "http://photoz.example.com/dev/actions/print"
         ],
         "exp":1256953732
      }
   ]
}

With a bit more discussion, the only thing I could see as potentially useful was to have permissions as an object (instead of array), and use the resource_id as the key in the object. To do this, we'd have to then make its value an array so that if you have multiple different scopes with different expiry times, they could be expressed effectively, so:

{
   "active":true,
   "exp":1256953732,
   "iat":1256912345,
   "permissions":{
      "112210f47de98100":[
         {
            "resource_scopes":[
               "view",
               "http://photoz.example.com/dev/actions/print"
            ],
            "exp":1256953732
         },
         {
            "resource_scopes":[
               "edit"
            ],
            "exp":1256953750
         }
      ]
   }
}

I'm by no means convinced that this is very much more useful than the current version, and it is thoroughly backwards-incompatible, but the object structure could be useful if RPT permission arrays were to get very big.

Thoughts?

Cheers
James

_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma
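Added example, not from the thread or from any UMA implementation: a small Python checker that consumes an RPT introspection response in either shape discussed above (the current permissions array, and the proposed object keyed by resource_id) and answers whether a given scope on a given resource is granted at a given time, honouring both the token-level exp and each permission's own exp. The two sample responses are constructed from the values quoted in the thread; the function names (iter_permissions, grants, to_keyed) are my own and not part of any UMA specification.

```python
import json
from typing import Any, Dict, Iterator, List, Optional, Tuple

# Constructed sample: the current introspection response shape quoted in the
# thread (permissions is an array; resource_id sits inside each entry).
CURRENT_SHAPE: Dict[str, Any] = json.loads("""
{
  "active": true,
  "exp": 1256953732,
  "iat": 1256912345,
  "permissions": [
    {
      "resource_id": "112210f47de98100",
      "resource_scopes": ["view", "http://photoz.example.com/dev/actions/print"],
      "exp": 1256953732
    }
  ]
}
""")

# Constructed sample: the proposed shape (permissions is an object keyed by
# resource_id; each value is an array of scope sets with their own exp).
PROPOSED_SHAPE: Dict[str, Any] = json.loads("""
{
  "active": true,
  "exp": 1256953732,
  "iat": 1256912345,
  "permissions": {
    "112210f47de98100": [
      {"resource_scopes": ["view", "http://photoz.example.com/dev/actions/print"],
       "exp": 1256953732},
      {"resource_scopes": ["edit"], "exp": 1256953750}
    ]
  }
}
""")

Entry = Tuple[str, List[str], Optional[int]]  # (resource_id, scopes, exp)


def iter_permissions(resp: Dict[str, Any]) -> Iterator[Entry]:
    """Normalise either response shape into (resource_id, scopes, exp) triples."""
    perms = resp.get("permissions", [])
    if isinstance(perms, list):
        for p in perms:
            yield p["resource_id"], list(p.get("resource_scopes", [])), p.get("exp")
    elif isinstance(perms, dict):
        for rid, entries in perms.items():
            for e in entries:
                yield rid, list(e.get("resource_scopes", [])), e.get("exp")
    else:
        raise ValueError("permissions must be a JSON array or object")


def grants(resp: Dict[str, Any], resource_id: str, scope: str, now: int) -> bool:
    """True iff the token is active and unexpired, and some permission entry for
    resource_id lists scope and has not itself expired at time `now`.

    The token-level exp is treated as an upper bound: a permission exp later
    than it (as in the thread's "edit" entry) does not extend the grant."""
    if not resp.get("active", False):
        return False
    token_exp = resp.get("exp")
    if token_exp is not None and now >= token_exp:
        return False
    for rid, scopes, exp in iter_permissions(resp):
        if rid != resource_id or scope not in scopes:
            continue
        if exp is not None and now >= exp:
            continue  # this scope set has lapsed; another entry may still apply
        return True
    return False


def to_keyed(resp: Dict[str, Any]) -> Dict[str, Any]:
    """Rewrite a response into the proposed resource_id-keyed shape.

    Entries for the same resource_id are kept as separate array items so that
    differing exp values survive, which is the reason the proposal makes the
    object's values arrays rather than single objects."""
    keyed: Dict[str, List[Dict[str, Any]]] = {}
    for rid, scopes, exp in iter_permissions(resp):
        entry: Dict[str, Any] = {"resource_scopes": scopes}
        if exp is not None:
            entry["exp"] = exp
        keyed.setdefault(rid, []).append(entry)
    out = dict(resp)
    out["permissions"] = keyed
    return out


if __name__ == "__main__":
    rid = "112210f47de98100"
    for label, resp in (("array", CURRENT_SHAPE), ("keyed", PROPOSED_SHAPE)):
        for scope in ("view", "edit"):
            print(label, scope, grants(resp, rid, scope, 1256950000))
    print(json.dumps(to_keyed(CURRENT_SHAPE), indent=2))
```

Because the check walks every entry for the resource rather than stopping at the first match, it behaves the same whether the issuer emits one permission per resource or several with different expiries, which is the case the keyed-array shape is meant to express. One thing worth noticing in the thread's own numbers: the "edit" entry expires at 1256953750 while the token expires at 1256953732, so between those two instants the checker above denies "edit" because the token as a whole has lapsed; an introspection endpoint should not emit a per-permission exp later than the token's exp.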