[TSG-Access-RD] Useful resource on OAuth2/OpenID Connect

Andrew Newton andy at hxr.us
Fri Dec 14 18:07:16 UTC 2018


That's a great video, and I like the idea of using those terms.

-andy
On Fri, Dec 14, 2018 at 12:13 PM Gavin Brown <gavin.brown at centralnic.com> wrote:
>
> I know we have yet to agree on a charter but I don't think there's any
> harm in starting to explore the solution space.
>
> I've been meaning to get my head around OAuth2 and OpenID Connect for
> some time, being aware of the work of Scott and Marc Blanchet of
> Viagenie on using OpenID Connect to authenticate RDAP queries.
> Suspecting that any protocol we might produce will be based on them, I
> spent some time today looking for an "idiot's guide" and found this
> video on YouTube which I think is worth an hour of your time:
>
> https://www.youtube.com/watch?v=996OiexHze0
>
> I've tried to conceptualise how the different parts of OAuth2 might map
> onto our use case:
>
> * "Resource owner" - for us, this would not be the owner of the registration
> data, but the person requesting access to non-public registration data.
>
> * "Authorisation server" - this would be operated by ICANN, but could
> redirect to other authorisation servers. They might also redirect to a
> third-party authentication server.
>
> * "Resource server" - this is an RDAP server. It seems as though a way
> for ICANN and RO to agree on a client's access token is needed.
>
> * "Authorisation grants" - one difference to the traditional OAuth2
> model is that the specific permissions granted are determined by the
> authz server, not the user.
>
> Scott - any thoughts on the above?
>
> G.
>
> --
> Gavin Brown
> Chief Technology Officer
> CentralNic Group plc (LSE:CNIC)
> Innovative, Reliable and Flexible Registry Services
> for ccTLD, gTLD and private domain name registries
> https://www.centralnic.com/
> +44.7548243029
>
> CentralNic Group plc is a company registered in England and Wales with
> company number 8576358. Registered Offices: 35-39 Moorgate, London,
> EC2R 6AR.
>
>

