Difference between revisions of "Purpose for Access Request"
From MgmtWiki
(→Current Standard Request Messages) |
(→Current Standard Request Messages) |
||
Line 20: | Line 20: | ||
These are all call [[Authorization]] Requests rather than Access Requests, which is the typical current transaction type. | These are all call [[Authorization]] Requests rather than Access Requests, which is the typical current transaction type. | ||
===JAR=== | ===JAR=== | ||
− | [https://datatracker.ietf.org/doc/html/rfc9101 The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request] IETF RFC 9102(2021-08-21 | + | [https://datatracker.ietf.org/doc/html/rfc9101 The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request] IETF RFC 9102(2021-08-21] <blockquote></blockquote> |
===PAR=== | ===PAR=== | ||
− | [https://datatracker.ietf.org/doc/html/rfc9126 OAuth 2.0 Pushed Authorization Requests] 2021-09 IETF RFC 9126 | + | [https://datatracker.ietf.org/doc/html/rfc9126 OAuth 2.0 Pushed Authorization Requests] 2021-09 IETF RFC 9126<blockquote>This document defines the pushed authorization request (PAR) endpoint, which allows clients to push the payload of an OAuth 2.0 authorization request to the authorization server via a direct request and provides them with a request URI that is used as reference to the data in a subsequent call to the authorization endpoint.</blockquote> |
===RAR=== | ===RAR=== | ||
− | [https://datatracker.ietf.org/doc/html/draft-ietf-oauth-rar-12 OAuth 2.0 Rich Authorization Requests] draft-ietf-oauth-rar-12 2022-05-05 | + | [https://datatracker.ietf.org/doc/html/draft-ietf-oauth-rar-12 OAuth 2.0 Rich Authorization Requests] draft-ietf-oauth-rar-12 2022-05-05<blockquote></blockquote> |
==References== | ==References== | ||
[[Category: Consent]] | [[Category: Consent]] |
Revision as of 16:12, 14 July 2022
Contents
Full Title
This is a discussion of the purpose for which a Relying Party or Verifier is requesting User Private Information.
Context
The goal of this discussion is the creation of a display to the holder of a request for some details needed to create a transaction between the holder and the Verifier.
- The request must reflect:
- The sort of transaction for which data is required.
- Any information required to complete the transaction and whether it is to be retained by the verifier.
- Any optional information that the verifier wishes that is not required by the immediate transaction.
- It is the responsibility of the User Agent to:
- Display the information to the holder in a language that the user can understand.
- Input the holder's response
Taxonomy
- Holder
- User Agent
- Verifier
Current Standard Request Messages
These are all call Authorization Requests rather than Access Requests, which is the typical current transaction type.
JAR
The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request IETF RFC 9102(2021-08-21]PAR
OAuth 2.0 Pushed Authorization Requests 2021-09 IETF RFC 9126This document defines the pushed authorization request (PAR) endpoint, which allows clients to push the payload of an OAuth 2.0 authorization request to the authorization server via a direct request and provides them with a request URI that is used as reference to the data in a subsequent call to the authorization endpoint.