Resource Discovery
As a Client, I need the End-User to provide me with qualified claims, but I do not know the End-User's Resource Server (and maybe I don't need to know).
For example: the Client needs to know if the End-User is qualified to drive a transport truck. The Client does not know what RS to contact on behalf of the End-User (the End-User and AS know that).
The Client directs the End-User to the AS to provide their qualification to drive a transport truck. The AS authenticates the End-User, and the End-User authorizes the AS to share her driving qualifications. The AS returns to the Client an access token and the RS endpoint to call to get the End-User's qualifications. Turns out it is the Ministry of Transportation in Fiji...
(end example)
There are many possible next steps outside the scope of the protocol at this point:
- The Client may have its own 'accepted' list of RS it is willing to deal with;
- The Client may perform a discovery/registration with the RS;
- The RS may have an 'accepted' list of Clients it deals with;
- The endpoint may be a trusted proxy to other RS servers, and so on.
Admittedly, this is very similar to OIDC Aggregated Claims in some respects.
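To make the flow above and the first of the listed next steps concrete, here is an added example (not code from this issue or from any protocol draft) of the Client side: it receives an access token together with a discovered RS endpoint from the AS, checks that endpoint against its own 'accepted' list before using it, and keeps the token bound to that RS so it is never presented anywhere else. The JSON shape of the AS response, the `Authorization` header scheme, the RS URLs and the accepted list are all assumptions constructed for this illustration.

```python
"""Client-side handling of a discovered Resource Server.

Added illustration, not part of the original issue or any specification.
The AS response format, header scheme and URLs below are constructed.
"""
import json
from urllib.parse import urlsplit

# Constructed AS response: an access token plus the RS it is meant for.
AS_RESPONSE = json.dumps({
    "access_token": {"value": "tok-EXAMPLE-123"},
    "resource_server": "https://transport.example.fj/qualifications",
})

# Constructed response whose RS the Client has never agreed to deal with.
AS_RESPONSE_UNKNOWN_RS = json.dumps({
    "access_token": {"value": "tok-EXAMPLE-456"},
    "resource_server": "https://unlisted.example/qualifications",
})

# The Client's own 'accepted' list, kept as origins (scheme + host + port).
ACCEPTED_RS = {"https://transport.example.fj", "https://dmv.example.ca"}


class UnacceptedResourceServer(Exception):
    """Raised when the AS points the Client at an RS it will not use."""


def origin_of(url: str) -> str:
    """Reduce a URL to its origin; only https endpoints are acceptable."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        raise UnacceptedResourceServer(f"RS endpoint must be https: {url!r}")
    return f"{parts.scheme}://{parts.netloc}"


def choose_resource_server(as_response_json: str, accepted) -> dict:
    """Parse the AS response and check the discovered RS against the list.

    Returns the request the Client would make: the token, the RS URL, and
    the origin the token is bound to. Comparison is on the whole origin, so
    a look-alike host or a different port does not match.
    """
    resp = json.loads(as_response_json)
    token = resp["access_token"]["value"]
    rs_url = resp["resource_server"]
    origin = origin_of(rs_url)
    if origin not in accepted:
        raise UnacceptedResourceServer(f"RS {origin} is not on the accepted list")
    return {
        "url": rs_url,
        # Header scheme is an assumption; the real one depends on the protocol.
        "headers": {"Authorization": f"Bearer {token}"},
        "bound_to": origin,
    }


def is_accepted(as_response_json: str, accepted) -> bool:
    """Boolean wrapper: would the Client use the RS named in this response?"""
    try:
        choose_resource_server(as_response_json, accepted)
        return True
    except (UnacceptedResourceServer, KeyError, ValueError):
        return False


def present_token(request: dict, actual_url: str) -> dict:
    """Guard the outgoing call: the token goes only to the RS it was issued for.

    If the transport layer ends up at a different origin (for example after a
    redirect), the Client drops the Authorization header rather than leak it.
    """
    if origin_of(actual_url) != request["bound_to"]:
        return {"url": actual_url, "headers": {}}
    return {"url": actual_url, "headers": dict(request["headers"])}


if __name__ == "__main__":
    req = choose_resource_server(AS_RESPONSE, ACCEPTED_RS)
    print("will call", req["url"], "bound to", req["bound_to"])
    print("unknown RS accepted?", is_accepted(AS_RESPONSE_UNKNOWN_RS, ACCEPTED_RS))
```

The accepted list is matched on origin rather than on the full URL so that the AS can name any path at a trusted RS, while a different host, scheme or port is refused outright; `present_token` is the second half of the same idea, making sure a token obtained for one discovered RS is not handed to another.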