Difference between revisions of "Purpose for Access Request"

From MgmtWiki
Jump to: navigation, search
(Current Standard Request Messages)
(Current Standard Request Messages)
Line 20: Line 20:
 
These are all call [[Authorization]] Requests rather than Access Requests, which is the typical current transaction type.
 
These are all call [[Authorization]] Requests rather than Access Requests, which is the typical current transaction type.
 
===JAR===
 
===JAR===
[https://datatracker.ietf.org/doc/html/rfc9101 The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request] IETF RFC 9102(2021-08-21}
+
[https://datatracker.ietf.org/doc/html/rfc9101 The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request] IETF RFC 9102(2021-08-21] <blockquote></blockquote>
  
 
===PAR===
 
===PAR===
[https://datatracker.ietf.org/doc/html/rfc9126 OAuth 2.0 Pushed Authorization Requests] 2021-09 IETF RFC 9126
+
[https://datatracker.ietf.org/doc/html/rfc9126 OAuth 2.0 Pushed Authorization Requests] 2021-09 IETF RFC 9126<blockquote>This document defines the pushed authorization request (PAR) endpoint, which allows clients to push the payload of an OAuth 2.0 authorization request to the authorization server via a direct request and provides them with a request URI that is used as reference to the data in a subsequent call to the authorization endpoint.</blockquote>
  
 
===RAR===
 
===RAR===
[https://datatracker.ietf.org/doc/html/draft-ietf-oauth-rar-12 OAuth 2.0 Rich Authorization Requests] draft-ietf-oauth-rar-12  2022-05-05
+
[https://datatracker.ietf.org/doc/html/draft-ietf-oauth-rar-12 OAuth 2.0 Rich Authorization Requests] draft-ietf-oauth-rar-12  2022-05-05<blockquote></blockquote>
  
 
==References==
 
==References==
  
 
[[Category: Consent]]
 
[[Category: Consent]]

Revision as of 15:12, 14 July 2022

Full Title

This is a discussion of the purpose for which a Relying Party or Verifier is requesting User Private Information.

Context

The goal of this discussion is the creation of a display to the holder of a request for some details needed to create a transaction between the holder and the Verifier.

  • The request must reflect:
  1. The sort of transaction for which data is required.
  2. Any information required to complete the transaction and whether it is to be retained by the verifier.
  3. Any optional information that the verifier wishes that is not required by the immediate transaction.
  1. Display the information to the holder in a language that the user can understand.
  2. Input the holder's response

Taxonomy

  • Holder
  • User Agent
  • Verifier

Current Standard Request Messages

These are all call Authorization Requests rather than Access Requests, which is the typical current transaction type.

JAR

The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request IETF RFC 9102(2021-08-21]

PAR

OAuth 2.0 Pushed Authorization Requests 2021-09 IETF RFC 9126
This document defines the pushed authorization request (PAR) endpoint, which allows clients to push the payload of an OAuth 2.0 authorization request to the authorization server via a direct request and provides them with a request URI that is used as reference to the data in a subsequent call to the authorization endpoint.

RAR

OAuth 2.0 Rich Authorization Requests draft-ietf-oauth-rar-12 2022-05-05

References