Re: [OAUTH-WG] Device profile usage
Todd W Lainhart <lainhart@us.ibm.com> Wed, 29 May 2013 17:28 UTC
To: Vincent Tsang <vincetsang@gmail.com>
Cc: "oauth@ietf.org" <oauth@ietf.org>, "oauth-bounces@ietf.org" <oauth-bounces@ietf.org>

> The same user could run the app on multiple computers and I want to distinguish each running instance, so I think it's the app?

I asked, because I wondered if the client credentials flow or the auth code flow was the more appropriate flow. It sounds like you want to identify both the client and the user, but it's unclear if it's required that the client authenticate. Also, I can't tell from your use case if OAuth is the appropriate solution. If it is the right solution, Justin's response sounds like the way to go.

Todd Lainhart
Rational software
IBM Corporation
550 King Street, Littleton, MA 01460-1250
1-978-899-4705
2-276-4705 (T/L)
lainhart@us.ibm.com


From: Vincent Tsang <vincetsang@gmail.com>
To: Todd W Lainhart/Lexington/IBM@IBMUS,
Cc: "oauth@ietf.org" <oauth@ietf.org>, "oauth-bounces@ietf.org" <oauth-bounces@ietf.org>, Nat Sakimura <sakimura@gmail.com>
Date: 05/29/2013 10:29 AM
Subject: Re: Device profile usage

The same user could run the app on multiple computers and I want to distinguish each running instance, so I think it's the app?

Thanks.
Vincent

On Wednesday, May 29, 2013, Todd W Lainhart wrote:

On behalf of what will the access token be granted - the app (e.g. Word), or the user running the app?

Todd Lainhart
Rational software
IBM Corporation
550 King Street, Littleton, MA 01460-1250
1-978-899-4705
2-276-4705 (T/L)
lainhart@us.ibm.com


From: Vincent Tsang <vincetsang@gmail.com>
To: Nat Sakimura <sakimura@gmail.com>,
Cc: "oauth@ietf.org" <oauth@ietf.org>
Date: 05/29/2013 12:31 AM
Subject: Re: [OAUTH-WG] Device profile usage
Sent by: oauth-bounces@ietf.org

The client is a native Windows application, for instance, a document editor like MS Word. The editor can upload copies to the cloud (e.g. Amazon S3), then record the version history and notes associated with each cloud copy to our cloud service via our cloud application API (to be secured by OAuth access tokens).

I think it's similar to the case with a media player application (like VLC/Windows Media Player) that sends playlist/history info to the cloud via some cloud application API. I'm just not sure which of the 4 scenarios described in the OAuth spec could fit in here...

Thanks.
Vincent

On Wed, May 29, 2013 at 11:38 AM, Nat Sakimura <sakimura@gmail.com> wrote:

A little more application and user context would help. A use case, so to speak.

Nat

On 2013/05/29 12:04, Vincent Tsang <vincetsang@gmail.com> wrote:

> Hi Hannes,
>
> Thanks for your reply.
> Actually I am new to OAuth and am simply trying to search for the best industrial practice for granting access tokens when the client to our application API is a simple Windows application, which in most cases runs on PCs with a web browser installed.
> Therefore the scenario doesn't quite match what is described in the document, as the user doesn't need a separate machine to perform the verification; it's just that the client application doesn't have internet browsing capability itself (in this sense it's similar to the "device" described in this document, though not quite) and so the user needs to launch a separate browser application.
> I ended up on this device profile spec just because it seems to match closer to our scenario when compared to the 4 cases described in the OAuth 2 spec, but it could be the case that I didn't understand it fully.
> Maybe I should rephrase my question: could someone please advise what should be the best practice for granting OAuth tokens to clients which are native Windows applications?
>
> Thanks.
> Vincent
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth