[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Observations while updating CBS
Just wanted to share two thoughts as I’m updating the CBS spec: First, since “node” and “name” are no longer a thing in the token cache and the spec will indeed be completely silent about how the tokens relate to anything inside the container, we’re gaining a beautiful new capability: Tokens governing
access to features. “Most often, tokens will be scoped to the entirety of the container or to individual nodes, but a token can also be scoped to a particular
feature. This mechanism would, for instance, enable for authorization tokens to be issued and applied that unlock access to a particular feature for the partner.” Second, with the HTTP over AMQP mapping, we’re unlocking access to all the stuff defined with a hard dependency on HTTP: [Describing the new illustration] “Step (1) MAY be using the OpenID Connect 1.0 [OpenID] authentication protocol. Step (2) MAY be using the OAuth 2.0 [RFC6749] authorization framework and protocol. Either interaction
MAY be performed over the HTTP over AMQP [AMQPHTTP] mapping if available for the given servers. “
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]