Re: [OAUTH-WG] Device profile usage

Todd W Lainhart <lainhart@us.ibm.com> Wed, 29 May 2013 17:28 UTC

In-Reply-To: <CANZRnTVcQdobaRSdNLQQR3CtLL_w=q=DLJTGdLe0Kp3-K6-q+w@mail.gmail.com>
References: <CANZRnTUyz6wo_5ZfghicGpNEm_=+Aw1=ChdNPdTvKkZS4YApNw@mail.gmail.com> <E625D418-5F83-41EB-BF65-09DEDF003C14@gmx.net> <CANZRnTUS4+_37EtA3bJFDvjWOC=iFzGk1PLHutzx1ijp9kMS_g@mail.gmail.com> <-8470720313341818373@unknownmsgid> <CANZRnTUpyaV6Vd88wkSG_g5tb9QeVGM60czSrpqDdEcqczoXSg@mail.gmail.com> <OF35A0195E.6911A37A-ON85257B7A.0049A8A1-85257B7A.0049D9F2@us.ibm.com> <CANZRnTVcQdobaRSdNLQQR3CtLL_w=q=DLJTGdLe0Kp3-K6-q+w@mail.gmail.com>
To: Vincent Tsang <vincetsang@gmail.com>
Message-ID: <OFF86999E0.8F266EE6-ON85257B7A.005F7345-85257B7A.005FEB39@us.ibm.com>
From: Todd W Lainhart <lainhart@us.ibm.com>
Date: Wed, 29 May 2013 13:27:44 -0400
Cc: "oauth@ietf.org" <oauth@ietf.org>, "oauth-bounces@ietf.org" <oauth-bounces@ietf.org>
Subject: Re: [OAUTH-WG] Device profile usage

> The same user could run the app on multiple computers and I want to 
> distinguish each running instance, so I think it's the app? 

I asked because I wondered if the client credentials flow or the auth 
code flow was the more appropriate flow. It sounds like you want to 
identify both the client and the user, but it's unclear if it's required 
that the client authenticate.  Also, I can't tell from your use case if 
OAuth is the appropriate solution.

If it is the right solution, Justin's response sounds like the way to go.





Todd Lainhart
Rational software
IBM Corporation
550 King Street, Littleton, MA 01460-1250
1-978-899-4705
2-276-4705 (T/L)
lainhart@us.ibm.com
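The distinction Todd draws above (client credentials identifies only the client; the authorization code flow identifies the user, and a native app may not be able to authenticate as a client at all) is easiest to see at the token endpoint. The following is an added example, not code from the thread or from any project discussed in it: a minimal in-memory token endpoint that accepts both grants. The client ids, the secret, the authorization code and the user name are constructed for the demonstration.

```python
"""Minimal OAuth 2.0 token endpoint contrasting two grants from RFC 6749:
client_credentials (section 4.4), where the token represents the client
itself, and authorization_code (section 4.1), where the token is bound to
the user who consented in the browser.  A native desktop editor is a public
client (it cannot keep a secret), so it is registered without one and can
only use the authorization code grant.

Added example; all client ids, secrets, codes and users are constructed.
"""
import hmac
import secrets
import time

# Constructed client registry: the desktop editor is public (no secret),
# the backend indexer is confidential and may use client_credentials.
CLIENTS = {
    "editor-desktop": {"secret": None, "grants": {"authorization_code"}},
    "indexer-backend": {"secret": "s3cr3t-constructed",
                        "grants": {"client_credentials"}},
}

# Codes the authorization endpoint issued after the user consented in a
# separate browser: code -> (client_id, user, redirect_uri, expiry).
AUTH_CODES = {
    "code-abc": ("editor-desktop", "alice",
                 "http://127.0.0.1:8123/cb", time.time() + 600),
}

ISSUED = {}  # access_token -> claims the resource server would see


class TokenError(Exception):
    """The message is an RFC 6749 section 5.2 error code."""


def _authenticate_client(form):
    """Return (client_id, authenticated). Public clients never authenticate."""
    client = CLIENTS.get(form.get("client_id"))
    if client is None:
        raise TokenError("invalid_client")
    if client["secret"] is None:
        return form["client_id"], False
    presented = form.get("client_secret") or ""
    # Constant-time comparison so secret checking does not leak by timing.
    if not hmac.compare_digest(presented, client["secret"]):
        raise TokenError("invalid_client")
    return form["client_id"], True


def handle_token_request(form):
    """Process one token request; `form` holds the POST body fields."""
    client_id, authenticated = _authenticate_client(form)
    grant = form.get("grant_type")
    if grant not in CLIENTS[client_id]["grants"]:
        raise TokenError("unauthorized_client")

    if grant == "client_credentials":
        # Only an authenticated (confidential) client may use this grant;
        # the token has no user subject at all.
        if not authenticated:
            raise TokenError("invalid_client")
        claims = {"client_id": client_id, "sub": None}
    elif grant == "authorization_code":
        entry = AUTH_CODES.pop(form.get("code"), None)  # codes are single-use
        if entry is None:
            raise TokenError("invalid_grant")
        code_client, user, redirect_uri, expiry = entry
        if (code_client != client_id or expiry < time.time()
                or form.get("redirect_uri") != redirect_uri):
            raise TokenError("invalid_grant")
        claims = {"client_id": client_id, "sub": user}
    else:
        raise TokenError("unsupported_grant_type")

    token = secrets.token_urlsafe(32)
    ISSUED[token] = claims
    return {"access_token": token, "token_type": "Bearer", "expires_in": 3600}


def introspect(token):
    """What a resource server learns about the token: client and subject."""
    return ISSUED.get(token)
```

Running `handle_token_request` for the backend with `grant_type=client_credentials` yields a token whose `sub` is `None`, while the desktop editor redeeming a code yields a token bound to `alice` without ever presenting a secret; the editor asking for `client_credentials` is refused with `unauthorized_client`, and a replayed code is refused with `invalid_grant`. For a public native client today the authorization code grant is combined with PKCE (RFC 7636), which this 2013 thread predates; the example leaves it out to keep the grant contrast visible.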




From:   Vincent Tsang <vincetsang@gmail.com>
To:     Todd W Lainhart/Lexington/IBM@IBMUS, 
Cc:     "oauth@ietf.org" <oauth@ietf.org>, "oauth-bounces@ietf.org" 
<oauth-bounces@ietf.org>, Nat Sakimura <sakimura@gmail.com>
Date:   05/29/2013 10:29 AM
Subject:        Re: Device profile usage



The same user could run the app on multiple computers and I want to 
distinguish each running instance, so I think it's the app? 

Thanks. 
Vincent

On Wednesday, May 29, 2013, Todd W Lainhart wrote:
On behalf of what will the access token be granted - the app (e.g. Word), 
or the user running the app?




Todd Lainhart
Rational software
IBM Corporation
550 King Street, Littleton, MA 01460-1250
1-978-899-4705
2-276-4705 (T/L)
lainhart@us.ibm.com





From:        Vincent Tsang <vincetsang@gmail.com> 
To:        Nat Sakimura <sakimura@gmail.com>, 
Cc:        "oauth@ietf.org" <oauth@ietf.org> 
Date:        05/29/2013 12:31 AM 
Subject:        Re: [OAUTH-WG] Device profile usage 
Sent by:        oauth-bounces@ietf.org 



The client is a native Windows application, for instance, a document 
editor like MS Word. 
The editor can upload copies to the cloud (e.g. Amazon S3), then record 
the version history and notes associated with each cloud copy to our cloud 
service via our cloud application API (to be secured by OAuth access 
tokens). 
I think it's similar to the case with a media player application (like 
VLC/Windows Media Player) that sends playlist/history info to the cloud 
via some cloud application API. 
I'm just not sure which of the 4 scenarios described in the OAuth spec 
could fit in here... 

Thanks. 
Vincent 


On Wed, May 29, 2013 at 11:38 AM, Nat Sakimura <sakimura@gmail.com> wrote: 

A little more application and user context would help.
A use case, so to speak.

Nat

On 2013/05/29 12:04, Vincent Tsang <vincetsang@gmail.com> wrote: 

> Hi Hannes,
>
> Thanks for your reply.
> Actually I am new to OAuth and am simply trying to search for the best 
> industrial practice for granting access tokens when the client to our 
> application API is a simple Windows application, which in most cases runs 
> on PCs with a web browser installed.
> Therefore the scenario doesn't quite match what is described in the 
> document, as the user doesn't need a separate machine to perform the 
> verification; it's just that the client application doesn't have internet 
> browsing capability itself (in this sense it's similar to the "device" 
> described in this document, though not quite) and so the user needs to 
> launch a separate browser application.
> I ended up on this device profile spec just because it seems to match 
> closer to our scenario when compared to the 4 cases described in the OAuth 
> 2 spec, but it could be the case that I didn't understand it fully.
> Maybe I should rephrase my question: could someone please advise what 
> should be the best practice for granting OAuth tokens to clients which are 
> native Windows applications?
>
> Thanks.
> Vincent
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth 
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth