Scalability and prior relationships between ASs and RSs #240
Comments
|
Not sure what's your point here. |
|
The text should clarify that two broad types of approaches are supported:
Note 1: In the case where an AS and a RS have no prior relationship, on-line means to negotiate the access token format Note 2: In the case where where an AS and a RS have established a prior relationship, they may have agreed In addition, if rights may be included into access tokens issued by an AS for a RS, the RS must nominate (using out of bands means) |
|
GNAP core is agnostic to how the AS and RS establish their relationship. The GNAP-RS extension created by #246 describes some mechanisms by which this relationship can be established dynamically if desired. |
jricher
added
the
Pending Close
|
This issue has been marked "Pending Close", however its content is important. @jricher . You wrote:
This is not the topic of this thread. As an example, OAuth is mandating the AS and the RS to have a prior relationship. Token format negotiation is not needed when the AS and the RS have a prior relationship, but may be needed/useful Some text should be inserted into the current draft to capture this important difference. |
jricher
removed
the
Pending Close
In OAuth: The token format is defined between a RS and an AS using out of bands means, hence a prior relationship must exist between every RS and every AS. This is not scalable.
In GNAP: A RS MUST trust access tokens delivered by some AS(s) for some kind of privileges present in these access tokens.
Note: Trust relationships are only unilateral.
In general, ASs do not need to have a prior knowledge of RSs, nor trust relationships with RSs.
This allows the model to be scalable over the Internet
However, in the case where an AS delivers capabilities (i.e. rights) on some objects on behalf of a RO,
that AS needs to have a trust relationship with that RO.
The text was updated successfully, but these errors were encountered: