w3c-ccg / webkms

A mechanism for performing remote cryptographic key operations including key creation, signing, encryption, and decryption.
http://w3c-ccg.github.io/webkms/

Add OAuth2 as a potential authorization layer #7

Open awoie opened 4 years ago

awoie commented 4 years ago

I suggest supporting other authorization schemas as well. OAuth2 is still the most prevalent mechanism for web services. OAuth2 support should be added. A similar approach to SDS could be taken.

From the SDS spec:

The system is expected to specify one mandatory authorization scheme, but also allow other alternate authorization schemes. Examples of authorization schemes include OAuth2, Web Access Control, and [ZCAP]s (Authorization Capabilities).

@msporny @dlongley @OR13 can you please clarify whether you intend to support ZCAPs only?

OR13 commented 4 years ago

It's easy to add support for OAuth2; it's handled the same way ZCaps are handled... in the HTTP request pre-handler (or some similar function depending on the framework).

I think from a spec perspective, we could easily support both, assuming someone contributed the OAuth2 spec material.