Hi Jim,

Thanks for the contributions.

On 13/09/13 16:53, Basney, Jim wrote:
Hi IDEL WG,
Sorry I'll miss the Tuesday morning WG meeting, though I plan to remotely join the FedSec meeting later in the day if possible. In prior IDEL WG meetings I promised a draft spec on OAuth2 certificate delegation in MyProxy. I invite your comments on our v0.1 draft:
http://redmine.ogf.org/dmsf_files/13113 - Word version
http://goo.gl/VnMKXS - public Google Doc version
http://goo.gl/T6VOty - editable Google Doc (contact me for edit access)
It uses the OpenID Connect UserInfo endpoint to deliver information about the certificate subject and defines a GetCert endpoint for obtaining the certificate, using the OAuth authorization code flow supporting refresh tokens.
It's a work in progress. We haven't released any code that implements it yet. Ideally it can be generalized to not be so MyProxy-focused. I think others are already doing something similar, so I'm curious to learn how it compares to other approaches.
I'm actually in the process of putting together a MyProxy-OAuth implementation. It's early days (esp. as I'm being distracted with talks at conferences and the like). I'll be poring over the documents as a very interested party.

Cheers,
Paul.