IETF Logo Mail Archive

Re: [mmox] OGP scalability concerns

Jon Watte <jwatte@gmail.com> Thu, 02 April 2009 23:11 UTC

Return-Path: <jwatte@gmail.com>
X-Original-To: mmox@core3.amsl.com
Delivered-To: mmox@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 65DDB28C146 for <mmox@core3.amsl.com>; Thu, 2 Apr 2009 16:11:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.545
X-Spam-Level:
X-Spam-Status: No, score=-2.545 tagged_above=-999 required=5 tests=[AWL=0.054, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Alt1o8LhRHzb for <mmox@core3.amsl.com>; Thu, 2 Apr 2009 16:11:07 -0700 (PDT)
Received: from wa-out-1112.google.com (wa-out-1112.google.com [209.85.146.181]) by core3.amsl.com (Postfix) with ESMTP id 92ABB28C142 for <mmox@ietf.org>; Thu, 2 Apr 2009 16:11:07 -0700 (PDT)
Received: by wa-out-1112.google.com with SMTP id l35so427310waf.5 for <mmox@ietf.org>; Thu, 02 Apr 2009 16:12:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=0ajBoZ3ekWR+STS6nqJx/Mfu3M/fE5nrTS1SZzfyqPU=; b=NUJPjMfHOzgwRUis2sl53D0CuoFry/Njk4IyIgf5PtIWfo63hAx13wwEA6aGHR2qbc ou5r5fw58xuuV4A8Y1VIbiiLkLI7gtma0lPBQEPsAOucluzbx0awHGWgwg1oTQQvPE8a ZVaHlLIg/xCoZc8VKRN8ljpl56STgCeONUNto=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=we762VKtdCIfzoJyAyPfS7kkMko9CBSQn4TZG5b2IUhewotjHBJG2euxS72MTlZcNV guEzZm+g6LWEzpeNBM9JyDYn3VYxEOPcPV4lDzTNFKnNQGSADws/RXt2kBYEo97Pcq1F CADGdf8KZZgWIfB4WW3Kvsbv2oh202mtq7Fn4=
Received: by 10.115.22.1 with SMTP id z1mr236568wai.202.1238713929425; Thu, 02 Apr 2009 16:12:09 -0700 (PDT)
Received: from ?10.10.111.233? (smtp.forterrainc.com [208.64.184.34]) by mx.google.com with ESMTPS id l31sm2765920rvb.9.2009.04.02.16.12.08 (version=TLSv1/SSLv3 cipher=RC4-MD5); Thu, 02 Apr 2009 16:12:09 -0700 (PDT)
Message-ID: <49D54648.4020007@gmail.com>
Date: Thu, 02 Apr 2009 16:12:08 -0700
From: Jon Watte <jwatte@gmail.com>
User-Agent: Thunderbird 2.0.0.21 (Windows/20090302)
MIME-Version: 1.0
To: Christian Scholz <cs@comlounge.net>
References: <62BFE5680C037E4DA0B0A08946C0933D7B692E1B@rrsmsx506.amr.corp.intel.com> <CD02023C-3E7B-4E76-8429-11035C827E53@lindenlab.com> <f0b9e3410904011701i2ccb03d4r1b48d33cfe3988ea@mail.gmail.com> <49D40A06.7030708@gmail.com> <8D793BD8-6AA2-49C7-96EF-435A5B449AA6@lindenlab.com> <49D4295C.2020502@gmail.com> <52A129B8-3FC6-486A-99A5-C00BED8BDE08@lindenlab.com> <49D4E5AF.2030301@gmail.com> <49D51A7D.8000104@comlounge.net> <62BFE5680C037E4DA0B0A08946C0933D7B6934A3@rrsmsx506.amr.corp.intel.com> <49D52DCD.2000806@comlounge.net> <49D531DA.4080006@gmail.com> <49D533EA.4010301@comlounge.net>
In-Reply-To: <49D533EA.4010301@comlounge.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "mmox@ietf.org" <mmox@ietf.org>
Subject: Re: [mmox] OGP scalability concerns
X-BeenThere: mmox@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Massively Multi-participant Online Games and Applications <mmox.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/mmox>, <mailto:mmox-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mmox>
List-Post: <mailto:mmox@ietf.org>
List-Help: <mailto:mmox-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmox>, <mailto:mmox-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Apr 2009 23:11:08 -0000

Christian Scholz wrote:
> The redirect setup is only one example of obtaining the OAuth token. 
> You can do it whatever way you want to (the new version of the spec 
> also makes that clearer as it starts with just the way you actually do 
> authorized requests and only explains in the second part the redirect 
> mechanism).
>

When I register as a service provider for an OAuth service, I have to 
register a callback URL. That seems pretty hard-coded into the actual 
implementation to me. That service provider won't work with a service 
that doesn't have a user-visible callbacl URL.

> But if you look at e.g. iMovie and how it uploads movies to YouTube 
> you have an example of how a desktop app can do it (although it's not 
> using OAuth I think but probably Google AuthSub but it's basically the 
> same).
>

The problem is not the desktop app not being reachable; the problem is 
the service requesting authentication not being reachable from the 
authentication provider.

>
> I am not sure though I understand the question. You might also be 
> talking about the server being behind a firewall and not reachable by 
> the client. But then I guess you need some ports open anyway for the 
> client to be able to connect any way.

The client can get to the service requesting authentication. The service 
can get to the authentication provider. The client can get to the 
authentication provider. The authentication provider can /not/ get to 
the service. Thus, any callback scheme between the services may fail. 
The current implementation of OAuth in the services I've seen uses this 
callback with a registered URL, so this is not something you can change 
by only changing the client, or only changing the requesting service AFAICT.

Sincerely,

jw

v2.23.0 | Report a Bug | By Email