Thanks, Justin. Interesting. It's trying to do AS discovery for (it seems) jurisdictional and load-balancing use cases. It proposes direct token endpoint discovery in the same response vs. using the OAuth discovery doc. Because it involves a tokenless resource request, I wonder if the RS may have the challenge of figuring out which AS to point to in some cases.


Eve Maler
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl


On Wed, Nov 15, 2017 at 12:31 AM, Justin Richer <jricher@mit.edu> wrote:
Dick Hardt is proposing a Distributed OAuth system:

https://tools.ietf.org/html/draft-hardt-oauth-distributed

I've brought up that this is potentially related to UMA 2.0's solution space, and Dick has stated that he believes that they're solving a subset of UMA's problem space, and therefore don't need a lot of the functions and structure in UMA. Something to look into for people in this group, and perhaps even engage on the IETF side.

-- Justin


_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
https://kantarainitiative.org/mailman/listinfo/wg-uma