
Re: REST-GSS I-D

From: Phil Hunt <phil.hunt@oracle.com>
Date: Wed, 8 Jun 2011 13:32:53 -0700
Cc: public-web-security@w3.org
Message-Id: <A97D0D13-2DF0-47F6-A006-1AE0C03713F9@oracle.com>
To: Nico Williams <nico@cryptonector.com>
Nico,

I've been reading your draft and attended your presentation at W3C. Trying to understand how this compares and/or complements OAuth.

While different (and interesting), it still seems to involve multiple request/response exchanges much like OAuth 2-leg flows.

There also seems to be an implication that the REST endpoint must be relative to the resource being accessed. OAuth's token and authorization end-points can be decoupled allowing for centralization of token services.  OAuth seems to have more flexibility and a broader pattern.

Thoughts?

Phil

@independentid
www.independentid.com
phil.hunt@oracle.com





On 2011-06-06, at 7:03 PM, Nico Williams wrote:

> http://www.ietf.org/id/draft-williams-rest-gss-00.txt
> 
Received on Wednesday, 8 June 2011 21:33:48 UTC
