Re: RAR resources? from Brian Richter on 2021-07-12 (public-credentials@w3.org from July 2021)

From: Brian Richter <brian@aviary.tech>
Date: Mon, 12 Jul 2021 11:09:35 -0700
To: Justin Richer <jricher@mit.edu>
Cc: "W3C Credentials CG (Public List)" <public-credentials@w3.org>
Message-ID: <CAPUZd8upqz=aeTw7m8_y3vuHK8_1+UGX7sX28i_BGgydy-hpDg@mail.gmail.com>

Excellent, thank you Justin I will take a look at those 2.

As soon as I clicked send I also found this PR into keycloak
https://github.com/tnorimat/keycloak/pull/24

Brian

On Mon, Jul 12, 2021 at 11:06 AM Justin Richer <jricher@mit.edu> wrote:

> RAR has been implemented and is available in Authlete (and supporting
> libraries):
>
> https://www.authlete.com/developers/relnotes/2.2.8/
>
> And in Connect2ID (and supporting libraries):
>
> https://connect2id.com/blog/connect2id-server-12
>
> I know there are others out there, too, but these I’ve worked with.
>
> But ultimately I think the “newness” argument is red herring here from a
> spect that is, itself, much newer than RAR, and I would argue more narrowly
> focused as well.
>
> Interoperability would not be hindered by its adoption for one simple
> reason: interoperability (at the same level) will be completely undefined
> without it, as every implementation would need to come up with its own set
> of scopes, RAR types, or other methods to describe access.
>
>  — Justin
>
> On Jul 12, 2021, at 1:50 PM, Brian Richter <brian@aviary.tech> wrote:
>
> Hello list,
>
> As I've been digging into RAR a little bit and trying to see how it might
> fit within the VC-HTTP-API work I have found some great resources speaking
> about what RAR, PAR and JAR are.
>
>    -
>    https://medium.com/oauth-2/rich-oauth-2-0-authorization-requests-87870e263ecb
>    -
>    https://pt.slideshare.net/TorstenLodderstedt/rich-authorization-requests
>    - https://datatracker.ietf.org/doc/html/draft-lodderstedt-oauth-rar
>    - https://youtu.be/g_aVPdwBTfw?t=1240
>
> It seems like these have yet to make it into anything available from Auth0
> or Okta and I have not found anything available on github..
>
> I was wondering if anybody knows of any open source implementations out
> there or are these things simply too new? RAR does instinctively feel like
> a good fit for the work in question however I share the concerns Orie and
> others do regarding including something that nobody has experience with..
>
> Doing so would likely hinder widespread interoperability.
>
> If anybody can speak to some real world implementations I would love to
> hear about it.
>
> Thanks,
> Brian
>
>
>

Received on Monday, 12 July 2021 18:10:59 UTC