Hi IDEL WG,

Sorry I'll miss the Tuesday morning WG meeting, though I plan to remotely
join the FedSec meeting later in the day if possible. In prior IDEL WG
meetings I promised a draft spec on OAuth2 certificate delegation in
MyProxy. I invite your comments on our v0.1 draft:

http://redmine.ogf.org/dmsf_files/13113 - Word version
http://goo.gl/VnMKXS - public Google Doc version
http://goo.gl/T6VOty - editable Google Doc (contact me for edit access)

It uses the OpenID Connect UserInfo endpoint to deliver information about
the certificate subject and defines a GetCert endpoint for obtaining the
certificate, using the OAuth authorization code flow supporting refresh
tokens.

It's a work in progress. We haven't released any code that implements it
yet. Ideally it can be generalized to not be so MyProxy-focused. I think
others are already doing something similar, so I'm curious to learn how it
compares to other approaches.

Thanks,
Jim