Grant Management and Incremental Authorization
Issue #316
resolved
Some purposes of "Grant Management for OAuth 2.0" are similar to ones of "OAuth 2.0 Incremental Authorization". How are the two specifications related? Is "Grant Management for OAuth 2.0" trying to replace "OAuth 2.0 Incremental Authorization" or become complementary to each other?
Comments (5)
-
-
no changes on the draft-ietf-oauth-incremental-authz spec. I suggest to move forward with out spec and close this ticket.
@Takahiko Kawasaki ok with you?
-
@Takahiko Kawasaki we are planning to close this one tomorrow in the FAPI call. Let us know if there are any objections.
-
- changed status to resolved
Question answered
-
Question answered
- Log in to comment
Very good question!
Grant management is a super set of draft-ietf-oauth-incremental-authz. We discussed to build grant management as extension of draft-ietf-oauth-incremental-authz but realized the parameter include_granted_scopes does not force the AS to include the already scopes (update). The text states “the authorization server SHOULD include previously granted scopes“, which means the client cannot determine whether the parameter will be put into effect or not. We discussed this with the editor of draft-ietf-oauth-incremental-authz (William Dennis). He agreed regarding the interpretation of the spec language and promised to consider to make it a MUST. We are still waiting for conformation/change of draft.