On Mon, Aug 11, 2025, 3:08 PM Brian Campbell <[email protected]> wrote:
> Note that I hope/plan to do an actual review again (it's been awhile) for > this WGCL but did want to jump in on one point below. > > On Mon, Aug 11, 2025 at 3:01 PM Watson Ladd <[email protected]> wrote: > >> I have some concerns: >> >> - Requiring the requesting service to be in the Trust Domain of the >> token seems backwards to me. Surely we want these tokens to cross >> trust domains. >> > > No, I believe transaction tokens are, and have been since their inception, > appropriately scoped to be an "internal" construct for use within a single > trust domain. > Maybe the term trust domain has a connotation I'm missing but I would think that we're creating these precisely because service A can't be given unfettered access to all the things service B has access to, hence different trust domain. But maybe what I mean is not what was meant by trust domain. > > *CONFIDENTIALITY NOTICE: This email may contain confidential and > privileged material for the sole use of the intended recipient(s). Any > review, use, distribution or disclosure by others is strictly prohibited. > If you have received this communication in error, please notify the sender > immediately by e-mail and delete the message and any file attachments from > your computer. Thank you.*
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
