28 May
2017
28 May
'17
6:18 p.m.
permission ticket - "A correlation handle, initially passed to the client by the resource server and subsequently exchanged during the authorization process between the client AND AUTHORIZATION SERVER." [emphasis added]
What about something like: "A correlation handle, created by the AS in response to a resource registration request or interactive claims gathering process, that is subsequently exchanged for an RPT token." I think this is more generic because you could get back a rotated permission ticket during interactive claims gathering. Also, the fact that the AS both generates the ticket, and issues the RPT gives more meaning to the "correlation". The RS is just passing it along. - Mike