Adding authorization requirements to metadata

openid / sharedsignals

OpenID Shared Signals Working Group Repository

45 stars 11 forks source link

Adding authorization requirements to metadata #5

Open timcappalli opened 2 years ago

timcappalli commented 2 years ago

Should we add an authorization object to the transmitter metadata to describe things like token type, scopes, etc that are required?

FragLegs commented 2 years ago

Is the goal of this metadata to enable headless use of the SSE framework? As it currently stands, there is some out-of-band agreement between the transmitter and receiver that communicates:

the bearer token
the audience claim

Are we trying to replace that external agreement so so that anyone can sign up and be a receiver? If so, how would that work?

timcappalli commented 1 year ago

on 2023-03-21: defer for later discussion, old topic but may still be revelant