Issues
- 3
RS persistent identity
#18 opened by yaronf - 0
Define errors for the RS-facing API
#81 opened by jricher - 0
Fix IANA Registry Instructions
#82 opened by jricher - 14
RS Revoking access token
#52 opened by jricher - 16
AS-RO policy delegation
#25 opened by fimbault - 5
What do we mean by AS discovery?
#17 opened by yaronf - 3
Indication of token introspection for a resource
#63 opened by yaronf - 20
Human rights considerations
#54 opened by fimbault - 0
RS-specific access tokens
#79 opened by yaronf - 1
More precision in Abstract
#12 opened by yaronf - 0
Introspection: security considerations
#62 opened by yaronf - 2
How does token introspection handle symmetric keys?
#47 opened by pq2 - 0
Security Considerations for Access Tokens
#45 opened by jricher - 11
RS validation of access token
#56 opened by cwaldm - 0
Optionality of fields in discovery response
#60 opened by yaronf - 0
Clarify semantics of "access" element
#61 opened by yaronf - 1
In section 3.4, "token_format_required" should be changed into"token_formats_supported"
#41 opened by Denisthemalice - 4
- 0
Downstream token security check
#64 opened by yaronf - 0
IANA Considerations
#21 opened by yaronf - 4
References to existing AT formats
#16 opened by yaronf - 1
Insufficient description of two fields from RS-facing AS Discovery (editorial)
#40 opened by Denisthemalice - 0
Accessing a secondary RS from a primary RS
#42 opened by Denisthemalice - 0
About end-users and client instance keys
#46 opened by Denisthemalice - 0
GNAP versus GNAF: do the current drafts describe a protocol or a framework ?
#51 opened by Denisthemalice - 1
.well-known - IANA
#59 opened by yaronf - 1
- 6
Propose an access token model
#15 opened by yaronf - 1
RS Token derivation
#23 opened by jricher - 2
- 1
“RS-Facing API” versus “AS-Facing API”
#39 opened by Denisthemalice - 3
- 0
Ref in Terminology
#14 opened by yaronf - 0
A section describing the structure of the list of token formats is currently missing
#29 opened by Denisthemalice - 3
Token Introspection security check
#20 opened by yaronf - 1
Token Introspection API: level of detail
#19 opened by yaronf - 3
Token Introspection
#24 opened by jricher - 0
RS-registered resource reference handle arity
#22 opened by jricher - 2
The privacy drawbacks when implementing an introspection service should be mentioned
#5 opened by Denisthemalice - 4
The access token verifications to be perfomed by the RS should be described
#30 opened by Denisthemalice - 1
- 1
Access Token Formats Negotiation
#27 opened by Denisthemalice - 6
- 1
Description of discovery mechanism in Intro
#13 opened by yaronf - 2
Capabilities only (i.e. actions) are supported. ACLs (i.e. attributes associated with a subject) should also be supported
#9 opened by Denisthemalice - 3
A model where the AS and the RS do not need to establish a prior relation relationship should be able to co-exist
#8 opened by Denisthemalice - 3
The text should say when the RS SHALL respond to the client with an authentication header indicating an error
#6 opened by Denisthemalice - 1
Section 2.3.4 should be normative
#10 opened by Denisthemalice - 1
Calls from a RS to an AS are optional
#4 opened by Denisthemalice