IRC log for #openam, 2015-11-26

All times shown according to UTC.

Time Nick Message
01:29 MegaMatt joined #openam
03:38 auke- joined #openam
04:35 ramteid joined #openam
07:37 ilbot3 joined #openam
07:37 Topic for #openam is now Chat about the OpenAM project - https://backstage.forgerock.com/#/downloads - OpenAM 12.0.2 is out! OpenAM 11.0.3 is out! Channel logs at: http://irclog.perlgeek.de/openam/today
07:53 KermitTheFragger joined #openam
07:56 jjpp joined #openam
08:05 balo joined #openam
08:11 kala_ joined #openam
09:09 aldaris joined #openam
09:32 kala_ joined #openam
09:38 ghormoon joined #openam
12:20 prasannaa joined #openam
12:21 prasannaa hi all
12:21 prasannaa need some of your views
12:22 asyd hello
12:28 prasannaa I am trying to use custom properties
12:28 prasannaa abc.com|URl
12:33 prasannaa is this abc.com used in construction of the goto url?
12:43 amaramrahul1 joined #openam
12:44 amaramrahul1 hi
12:44 amaramrahul1 I have a quick question related to access token replay
12:44 amaramrahul1 anyone there ?
12:44 aldaris yeah
12:45 amaramrahul1 I have a client , auth server (openam) and resource server.
12:45 amaramrahul1 let us assume there are two resources
12:46 amaramrahul1 now the client initially authenticates against openam and receives a token
12:48 amaramrahul1 now while trying to access the resource it sends the access token to the resource server, which using the access token given by the client (user), checks against the OpenAM server if the client is permitted access to the resource.
12:48 amaramrahul1 now let us say that the resource server 1 which hosts resource 1 is compromised.
12:49 amaramrahul1 now why can't the resource server 1 use access token to access resource 2 on resource server 2 ?
12:49 amaramrahul1 have I expressed my doubt clearly ?
12:52 amaramrahul1 aldaris, you there ?
12:52 aldaris yepp, just enjoying my lunch :)
12:52 amaramrahul1 oh .. k :)
12:52 amaramrahul1 when should I ping you back ?
12:52 MegaMatt joined #openam
12:56 aldaris well
12:56 aldaris I'm not sure if the spec has any solutions for that
12:56 aldaris an access token can be used to retrieve details about the user
12:57 aldaris I guess one way to protect against that would be to have short lifetime for the oauth2 tokens
13:01 amaramrahul1 that wouldn't help.
13:02 amaramrahul1 also I am not looking at oauth. I don't think it fits well in this case.
13:02 amaramrahul1 here we have a client/user, resource server and auth server.
13:03 amaramrahul1 in oauth, we have an application, and the user is the resource owner, who grants the application authorization to the resource.
13:03 aldaris joined #openam
13:06 aldaris1 joined #openam
13:36 amaramrahul1 left #openam
14:11 MegaMatt joined #openam
14:16 MegaMatt joined #openam
14:33 MegaMatt joined #openam
16:51 KermitTheFragger joined #openam
17:21 KermitTheFragger joined #openam
17:37 aldaris joined #openam
18:27 aldaris1 joined #openam
18:49 MegaMatt_ joined #openam
19:01 lazzurs joined #openam
19:08 dean|away joined #openam
19:10 MegaMatt joined #openam
19:10 raspbeguy joined #openam
19:11 aldaris1 joined #openam
19:11 asyd joined #openam
19:14 auke- joined #openam
19:14 CrtxReavr joined #openam
19:23 lazzurs_ joined #openam
20:36 metadaddy__ joined #openam
20:57 raspbeguy joined #openam
