Re: [OAUTH-WG] Transaction Authorization with OAuth

George Fletcher <gffletch@aol.com> Mon, 22 April 2019 19:04 UTC

To: Torsten Lodderstedt <torsten@lodderstedt.net>, Pedro Igor Silva <psilva@redhat.com>
Cc: oauth <oauth@ietf.org>
References: <8E2628D6-282A-4284-97E3-94466D71A75A@lodderstedt.net> <CAJrcDBfmhR5Fx1okJv7xdgATytDTA8rhBZNJJviY39WGK06uPw@mail.gmail.com> <2261EA43-063D-4EA5-A55B-15235D5E525E@lodderstedt.net> <CAJrcDBcm0x6zzWYBxjh4B8EJQozFC1ciyx5_j2rnW8DBLGqUCg@mail.gmail.com> <B41AFDAE-CE92-4477-8489-F47C05A4DD3E@lodderstedt.net>
From: George Fletcher <gffletch@aol.com>
Organization: AOL LLC
Message-ID: <7483a5f0-b3c1-c944-02fa-79e5a1ecc490@aol.com>
Date: Mon, 22 Apr 2019 15:03:57 -0400
In-Reply-To: <B41AFDAE-CE92-4477-8489-F47C05A4DD3E@lodderstedt.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/5AI8V0g5-fuWNFjPY06MsiWtIcc>

Speaking just to the UMA side of things...

...it's possible in UMA 2 for the client to request additional scopes when interacting with the token endpoint, specifically to address cases where the client knows it's going to make the following requests and wants to obtain a token with sufficient privilege for those requests. This requires a fair amount of knowledge by the client of the ecosystem, but that is sometimes the case and hence this capability exists :)

On 4/22/19 1:18 PM, Torsten Lodderstedt wrote:
> The problem from my perspective (and my understanding of UMA) is the RS does not have any information about the context of the request. For example, the client might be calling a certain resource (list of accounts) and immediately afterwards wants to obtain the balances and initiate a payment. I think in the UMA case the RS either predicts this based on policy or past behaviour of the client OR the client will need to issue several token requests. That might not be a problem in 1st party scenarios but it is in 3rd party scenarios if the AS gathers consent.
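As an added illustration (not part of this thread and not code from any UMA implementation) of the UMA 2 token-endpoint behaviour George describes, the model below builds the `scope`-carrying token request and applies a simplified, assumed authorization-server evaluation: ticket scopes plus client-requested scopes, limited to what the client is registered for, then filtered by policy. The accounts/balances/payment scopes, the registered-scope list and the `policy_allows` callback are constructed for this example.

```python
from urllib.parse import urlencode

# UMA 2.0 grant type used at the token endpoint.
UMA_GRANT = "urn:ietf:params:oauth:grant-type:uma-ticket"


def build_token_request(ticket, extra_scopes=()):
    """Form body the client posts to the AS token endpoint. The optional
    `scope` parameter carries scopes beyond those in the permission ticket."""
    params = {"grant_type": UMA_GRANT, "ticket": ticket}
    if extra_scopes:
        params["scope"] = " ".join(extra_scopes)
    return urlencode(params)


def evaluate_scopes(ticket_scopes, client_requested, client_registered, policy_allows):
    """Simplified AS-side evaluation (an assumption of this example, not the
    normative algorithm): candidates are the union of ticket and client-requested
    scopes; anything the client is not registered for is dropped rather than
    granted; policy decides each remaining scope. Returns None when nothing
    can be granted, otherwise the granted set, an `upgraded` flag (true when
    the RPT covers more than the ticket asked for) and the denied candidates."""
    candidates = set(ticket_scopes) | set(client_requested)
    eligible = {s for s in candidates if s in client_registered}
    granted = {s for s in eligible if policy_allows(s)}
    if not granted:
        return None
    return {
        "granted": sorted(granted),
        "upgraded": bool(granted - set(ticket_scopes)),
        "denied": sorted(candidates - granted),
    }


def demo():
    """Torsten's scenario: ticket for the account list, client pre-requests the
    balance and payment scopes; policy (constructed) allows reads only."""
    ticket_scopes = ["accounts:read"]
    requested = ["balances:read", "payments:initiate"]
    registered = {"accounts:read", "balances:read", "payments:initiate"}
    policy_allows = lambda s: s.endswith(":read")  # payment needs separate consent
    return evaluate_scopes(ticket_scopes, requested, registered, policy_allows)


if __name__ == "__main__":
    print(build_token_request("ticket-placeholder", ["balances:read", "payments:initiate"]))
    print(demo())
```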