- The Requester uses the OAuth token of the AM obtained above to call the AM Requester API.
- The AM in turn will call the Host Requester API of the Host in question
- The Host returns a token for accessing the protected resource to the AM
- The AM passes this token to the Requester
- The Requester now can access the protected resource on the Host.
- How do the APIs look like?
- What data needs to be presented to those APIs?
- AM Requester API:
- which resource on the server to access
- later: terms?
- Host Requester API
- which Requester is knocking on the door?
- for which resource?
- later: terms? policies? (latter might be defined on the AM)