Concept of a "service" supported by a set of RSs #238
Comments
|
RS discovery seems like an overkill for what is fundamentally an internal detail of the RS. That use case is better managed via tokens that allow delegation (and also enable a better tracking that the second order delegation has been processed by the RS). That's one of the microservice implementations we've been discussing previously. |
|
The first text clearly mentions that the notion of a service is able to support two mechanisms instead of one.
The first case could indeed be supported by asking a new access token, but the merits of this proposal Furthermore, this proposal avoids to consider RSs as clients from the point of view of the AS. Don't forget that if the access token only contains some kinds of attributes, the AS can be kept ignorant of the identity of the RS. |
|
The described process is already possible within GNAP (section 2.1), and the GNAP-RS extension created by #246 goes into greater depth on requesting resources and deriving tokens for internal requests as needed. |
jricher
added
the
Pending Close
|
This issue has been marked "Pending Close", however its content is important. The mechanism described in section 2.1 is rather different and much more complex than supporting the concept of The two mechanisms can co-exist. |
jricher
removed
the
Pending Close
At the moment an access token is intended to be presented to one server, i.e. a RS.
There are cases where a Service (SRV) is supported by a set of RSs, e.g. a printing service or a storage service.
If an access token includes the name of a service (in addition to an identifier of a RS), either :
This avoids the RS or the client to ask for a new access token.
The implication is as follows: every RS should be able to advertise the name of the service(s), it belongs to.
This can be done using a RS discovery operation.
The text was updated successfully, but these errors were encountered: