Roles and protocol endpoints

91 views
Skip to first unread message

Jan Algermissen

unread,
Nov 27, 2012, 4:08:32 AM11/27/12
to oz-pr...@googlegroups.com
Eran,

can you list the roles and protocol endpoints that form the basis of OZ? That would help (at least me).

Jan

Eran Hammer

unread,
Nov 29, 2012, 3:06:58 AM11/29/12
to Jan Algermissen, oz-pr...@googlegroups.com

The roles are simple:

 

Application is the client, the role making API calls.

User is the resource owner, the role granting access.

Server or Service provider is the API host.

 

Right now I have sketched three endpoints but this list is clearly incomplete and will evolve/change in the next few weeks:

 

/app – use Basic auth over TLS to exchange app credentials for app ticket. Mobile apps will not have a password, but looking for other ways to improve their authentication (though not guarantee it as that is not possible).

 

/rsvp – there is still no endpoint to obtain an rsvp (a token representing user approval), but this endpoint will take an rsvp and return a ticket scoped for the same access approved.

 

/reissue – send a ticket, get back a new ticket with same scope. Optional parameter to reissue for another app (if allowed).

 

EH

--
 
 

Reply all
Reply to author
Forward
0 new messages