Difference between revisions of "Authorization Service"

From MgmtWiki

Latest revision as of 12:45, 30 December 2018

Full Title or Meme

A service that will give a user an Authorization Code or an Access Token to a protected resource.

Context

Problems

The more challenging problem in authorizing access for a Subject arriving over the public internet is that the level of Authentication applied to the Subject may be adequate for initial access but insufficient for full access to all resources. That is the use case considered here.

Solutions

  • Where access needs to be granted over a long period, together with the capability to withdraw that access before the Authorization grant expires, additional procedural steps must be implemented. One common method is to issue a refresh token that can be exchanged for an access token at the Authorization Service. In this use case the access can be revoked at the Authorization Service.
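
The refresh-token method described above, as an added example that is not part of the original wiki page: a minimal in-memory model of an Authorization Service. The class name, method names, and the 300-second access-token lifetime are assumptions made for illustration.

```python
import hashlib
import secrets
import time

ACCESS_TTL = 300  # seconds; assumed short lifetime for access tokens


class AuthorizationService:
    """In-memory model: refresh tokens are stored hashed and can be revoked."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._refresh = {}   # sha256(refresh token) -> subject
        self._access = {}    # access token -> (subject, expiry time)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def _new_access(self, subject):
        token = secrets.token_urlsafe(32)
        self._access[token] = (subject, self._clock() + ACCESS_TTL)
        return token

    def grant(self, subject):
        """Initial grant: returns (access_token, refresh_token)."""
        refresh = secrets.token_urlsafe(32)
        self._refresh[self._digest(refresh)] = subject
        return self._new_access(subject), refresh

    def exchange(self, refresh):
        """Exchange a refresh token for a new access token; None if revoked or unknown."""
        subject = self._refresh.get(self._digest(refresh))
        return self._new_access(subject) if subject else None

    def revoke(self, subject):
        """Withdraw the grant: delete every refresh token held for the subject."""
        self._refresh = {h: s for h, s in self._refresh.items() if s != subject}

    def introspect(self, access):
        """What a resource server would ask: the subject if the token is live, else None."""
        subject, expiry = self._access.get(access, (None, 0))
        return subject if self._clock() < expiry else None
```

In this model revocation takes effect at the next exchange: an access token issued before `revoke` stays valid until it expires, so the access-token lifetime bounds how long withdrawn access can persist.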

References