Grant Management and Incremental Authorization

Takahiko Kawasaki created an issue

Some purposes of "Grant Management for OAuth 2.0" are similar to those of "OAuth 2.0 Incremental Authorization". How are the two specifications related? Is "Grant Management for OAuth 2.0" trying to replace "OAuth 2.0 Incremental Authorization", or are the two meant to be complementary to each other?

  1. Torsten Lodderstedt

    Very good question!

    Grant management is a superset of draft-ietf-oauth-incremental-authz. We discussed building grant management as an extension of draft-ietf-oauth-incremental-authz but realized the parameter include_granted_scopes does not force the AS to include the already granted scopes (update). The text states “the authorization server SHOULD include previously granted scopes”, which means the client cannot determine whether the parameter will be put into effect or not. We discussed this with the editor of draft-ietf-oauth-incremental-authz (William Denniss). He agreed regarding the interpretation of the spec language and promised to consider making it a MUST. We are still waiting for confirmation/change of the draft.

  2. Torsten Lodderstedt

    No changes on the draft-ietf-oauth-incremental-authz spec. I suggest we move forward with our spec and close this ticket.

    @Takahiko Kawasaki OK with you?

  3. Dima Postnikov

    @Takahiko Kawasaki we are planning to close this one tomorrow in the FAPI call. Let us know if there are any objections.

