Re: [decade] An open issue for "An HTTP-based DECADE Resource Protocol".
Hongqiang Harry Liu <lampson0505@gmail.com> Wed, 12 September 2012 13:55 UTC

Hi Danhua

I agree that OAuth is a good option and starting point.

Thanks
Harry Liu

On 08/25/2012 05:29 AM, Wangdanhua wrote:
> Hi all,
>
> The following is one of the open issues left for "An HTTP-based DECADE
> Resource Protocol" (draft-wang-drp). We're looking forward to your
> opinions and comments.
>
> As to access and resource control, we authors once had several
> candidate protocols in our mind, they are Kerberos, AAA, and OAuth.
>
> 1. During the latest DECADE WG meeting in IETF 82nd Taipei, we
> realized that Kerberos isn't the right solution for resource control,
> since it works on the basis of "tickets" to allow nodes to prove their
> identity to one another in a secure manner.
>
> 2. As to AAA, it is mainly used in management environment. Extending
> the binary-value-pairs may be possible to grant network resources for
> data access, but a text-based protocol may be preferred.
>
> 3. OAuth 2.0 is used to grant access to the resource owner's resources
> from a third party without explicitly exposing the resource owner's
> credentials. Certain grant types can be extended for access and
> resource control in DECADE.
>
> In summary, we believe that OAuth2.0 seems to be the most suitable
> protocol for DECADE access and resource control till now. Maybe it's
> time for us to write a protocol using OAuth 2.0 and see what problems
> we may meet.
>
> Thanks a lot.
>
> Best wishes,
>
> Danhua Wang