You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Jim Willeke (JIRA)" <ji...@apache.org> on 2018/04/09 16:30:00 UTC

[jira] [Commented] (CXF-7274) Improve OAuth2 incremental authorization support

    [ https://issues.apache.org/jira/browse/CXF-7274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16430814#comment-16430814 ] 

Jim Willeke commented on CXF-7274:
----------------------------------

Incremental authorization is a concept within Privacy Enhancing Technologies and Principle of least privilege where as an entity is only granted the privileges required.

There is an Internet Draft [https://tools.ietf.org/id/draft-wdenniss-oauth-incremental-auth-00.html] that might be helpful and Google has support for this: [https://developers.google.com/identity/protocols/OAuth2WebServer#incrementalAuth] 

> Improve OAuth2 incremental authorization support
> ------------------------------------------------
>
>                 Key: CXF-7274
>                 URL: https://issues.apache.org/jira/browse/CXF-7274
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS, JAX-RS Security
>            Reporter: Sergey Beryozkin
>            Priority: Major
>
> It exists in some form already via the 'supportPreauthorizedTokens' property but it may be too limited



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)