Re: [OAUTH-WG] Mandatory-to-implement token type
William Mills <wmills@yahoo-inc.com> Fri, 02 December 2011 04:59 UTC
Return-Path: <wmills@yahoo-inc.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4872311E80AA for <oauth@ietfa.amsl.com>; Thu, 1 Dec 2011 20:59:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.523
X-Spam-Level:
X-Spam-Status: No, score=-17.523 tagged_above=-999 required=5 tests=[AWL=0.075, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MaCmrgEUHLTk for <oauth@ietfa.amsl.com>; Thu, 1 Dec 2011 20:59:03 -0800 (PST)
Received: from nm27.bullet.mail.ac4.yahoo.com (nm27.bullet.mail.ac4.yahoo.com [98.139.52.224]) by ietfa.amsl.com (Postfix) with SMTP id 4FD0611E80A6 for <oauth@ietf.org>; Thu, 1 Dec 2011 20:59:03 -0800 (PST)
Received: from [98.139.52.196] by nm27.bullet.mail.ac4.yahoo.com with NNFMP; 02 Dec 2011 04:58:56 -0000
Received: from [98.139.52.156] by tm9.bullet.mail.ac4.yahoo.com with NNFMP; 02 Dec 2011 04:58:56 -0000
Received: from [127.0.0.1] by omp1039.mail.ac4.yahoo.com with NNFMP; 02 Dec 2011 04:58:56 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 244873.34684.bm@omp1039.mail.ac4.yahoo.com
Received: (qmail 38105 invoked by uid 60001); 2 Dec 2011 04:58:55 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo-inc.com; s=ginc1024; t=1322801935; bh=CX95AztNtxsJUZSjWPx5qVIdaRMzxUjtOp3wbGXR+WQ=; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=p7usqffQ/b1OEAjTid4Ex84tBRyznNGPSdyqgXj8vnVUZBoBM486tWZkir/B/4KMqqQ+dmJj52uZzDEfqLRPL0tvGBnAcLHFpcHEClR7z+julqZjxUJH5u4grVN7Dfz1B7aK0PhyWlFAVsVoto1PmxYUkSqGbe1X2tL60G02eh0=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ginc1024; d=yahoo-inc.com; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=VWbGGT6bwAPQrt/CnW/y6QUmctQhonzAUzJd8VdbDu+ipAl7DK84d6HW8dl0DeUsSWOtAQmohUd6oOoSvHjXS2qnomXqdClICi7OYrUlUsXpZaCwJMXeNckxvbCoAkmmkGeUKYxNIEE5nG02x7lFPOTjqAuGjvRDE20bFg1RvC0=;
X-YMail-OSG: YPhiwNIVM1lJBzugdlbFPBor94nnm8uDpeRJz9JyGg2m9QK sN95WyzS9Kl57dXkAaRlrnHcR3hdE_q_4p6zzTcVaYSxXwDked7bWgs96vYT SxJWacefaWIzagTqDoQpyh9hT_XSJkm_mqYCu0I0b8USpv7_b2m53UlMso0X wou0366L3IK9G.80NM_Thcz2aXs17hjhFMrtZlnVz_Rh_9YFPAK3U8O6t2WA snxp7M2cZMv6inef0hB8P.eFjxMpg_MUlqcH9kkYSCNMtgdiiux8XMxlyY42 jKSAulQphyhfPO.H0_UglHqfSuDROe3ZDb3FBeMFNdza003NbETnN0L0vF5A N9ZDuWjkn7mJs0AjvBSArZd0umeipZJ6QwaUOGU2Yd6RiD5dF7tm_Dxckp1a AMiFlURejyXSGMem.fFJ2YKw-
Received: from [99.31.212.42] by web31806.mail.mud.yahoo.com via HTTP; Thu, 01 Dec 2011 20:58:55 PST
X-RocketYMMF: william_john_mills
X-Mailer: YahooMailWebService/0.8.116.331537
References: <CALaySJJ+2au5rxEQmSSpXO42KmgCu=NhiLPBCx-3AH0hud=5CQ@mail.gmail.com> <CAH-8B6sjim_tcBkTPFWc1SnjhtHDQTR7sVT+aOjnYv7cs8JssA@mail.gmail.com> <4ED82D62.3070800@cs.tcd.ie> <CAH-8B6toCiYMeMAe-ZiHCdPCLa_Xz5aa92JjkWh=p0tkRXNnhQ@mail.gmail.com>
Message-ID: <1322801935.94232.YahooMailNeo@web31806.mail.mud.yahoo.com>
Date: Thu, 01 Dec 2011 20:58:55 -0800
From: William Mills <wmills@yahoo-inc.com>
To: Michael D Adams <mike@automattic.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
In-Reply-To: <CAH-8B6toCiYMeMAe-ZiHCdPCLa_Xz5aa92JjkWh=p0tkRXNnhQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-1055047407-1613328379-1322801935=:94232"
Cc: Barry Leiba <barryleiba@computer.org>, oauth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Mandatory-to-implement token type
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills@yahoo-inc.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Dec 2011 04:59:04 -0000
The problem is that token type AWESOME may have different mechanics for submission. The client has to know how to use it. I do agree we have a disconnect here, and that what we have right now leans completely on "reading the service documentation" for the Auth and RP endpoints you want to use. ________________________________ From: Michael D Adams <mike@automattic.com> To: Stephen Farrell <stephen.farrell@cs.tcd.ie> Cc: Barry Leiba <barryleiba@computer.org>; oauth WG <oauth@ietf.org> Sent: Thursday, December 1, 2011 6:14 PM Subject: Re: [OAUTH-WG] Mandatory-to-implement token type On Thu, Dec 1, 2011 at 5:44 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > On 12/02/2011 01:38 AM, Michael D Adams wrote: >> So an MTI token type + no client preference is equivalent to there >> only existing one token type. > > Maybe. > > However, no MTI token type + no client preference = no interop. > > So I don't get your argument. (When thinking of interop.) I think it's me that doesn't understand your argument. Suppose an authorization server implements OAuth2 and has some requirement that the MTI token type doesn't provide (as William Mills suggested), so the server implements token type AWESOME in addition to token type MTI. Whenever a token is requested, the authorization server issues one of type AWESOME. Type MTI is never issued. Why bother implementing type MTI if it's never used? Additionally, the authorization server could not implement type MTI but claim it did. There's no way for a third party to verify the claim since the authorization server never issues a token of type MTI. If tokens of type MTI are never used by this server, how does the MTI token type help interop? Is your argument that this server would say "No, we do not support OAuth2. We do, however, support OAuth2+AWESOME."? That semantic argument I understand, but I am ignorant as to how/if it fits into the RFC. _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] Mandatory-to-implement token type Barry Leiba
- Re: [OAUTH-WG] Mandatory-to-implement token type Justin Richer
- Re: [OAUTH-WG] Mandatory-to-implement token type Michael Thomas
- Re: [OAUTH-WG] Mandatory-to-implement token type Eran Hammer-Lahav
- Re: [OAUTH-WG] Mandatory-to-implement token type Stephen Farrell
- Re: [OAUTH-WG] Mandatory-to-implement token type William Mills
- Re: [OAUTH-WG] Mandatory-to-implement token type Phil Hunt
- Re: [OAUTH-WG] Mandatory-to-implement token type Stephen Farrell
- Re: [OAUTH-WG] Mandatory-to-implement token type Stephen Farrell
- Re: [OAUTH-WG] Mandatory-to-implement token type Michael Thomas
- Re: [OAUTH-WG] Mandatory-to-implement token type Michael D Adams
- Re: [OAUTH-WG] Mandatory-to-implement token type Stephen Farrell
- Re: [OAUTH-WG] Mandatory-to-implement token type William Mills
- Re: [OAUTH-WG] Mandatory-to-implement token type Stephen Farrell
- Re: [OAUTH-WG] Mandatory-to-implement token type Michael D Adams
- Re: [OAUTH-WG] Mandatory-to-implement token type Stephen Farrell
- Re: [OAUTH-WG] Mandatory-to-implement token type Stephen Farrell
- Re: [OAUTH-WG] Mandatory-to-implement token type Michael Thomas
- Re: [OAUTH-WG] Mandatory-to-implement token type Michael D Adams
- Re: [OAUTH-WG] Mandatory-to-implement token type Barry Leiba
- Re: [OAUTH-WG] Mandatory-to-implement token type William Mills
- Re: [OAUTH-WG] Mandatory-to-implement token type Stephen Farrell
- Re: [OAUTH-WG] Mandatory-to-implement token type Bart Wiegmans
- Re: [OAUTH-WG] Mandatory-to-implement token type Blaine Cook
- [OAUTH-WG] Fwd: Re: Mandatory-to-implement token … Justin Richer
- Re: [OAUTH-WG] Fwd: Re: Mandatory-to-implement to… André DeMarre
- Re: [OAUTH-WG] Fwd: Re: Mandatory-to-implement to… Richer, Justin P.
- Re: [OAUTH-WG] Fwd: Re: Mandatory-to-implement to… André DeMarre
- Re: [OAUTH-WG] Fwd: Re: Mandatory-to-implement to… Dan Taflin
- Re: [OAUTH-WG] Mandatory-to-implement token type Barry Leiba
- Re: [OAUTH-WG] Mandatory-to-implement token type Mike Jones
- Re: [OAUTH-WG] Mandatory-to-implement token type John Bradley
- Re: [OAUTH-WG] Mandatory-to-implement token type Anthony Nadalin
- Re: [OAUTH-WG] Mandatory-to-implement token type Paul Madsen
- Re: [OAUTH-WG] Mandatory-to-implement token type Stephen Farrell
- Re: [OAUTH-WG] Mandatory-to-implement token type Mike Jones
- Re: [OAUTH-WG] Mandatory-to-implement token type Stephen Farrell
- Re: [OAUTH-WG] Mandatory-to-implement token type Eran Hammer-Lahav
- Re: [OAUTH-WG] Mandatory-to-implement token type Eran Hammer-Lahav
- Re: [OAUTH-WG] Mandatory-to-implement token type Blaine Cook
- Re: [OAUTH-WG] Mandatory-to-implement token type Stephen Farrell
- Re: [OAUTH-WG] Mandatory-to-implement token type Justin Richer
- Re: [OAUTH-WG] Mandatory-to-implement token type Marius Scurtescu
- Re: [OAUTH-WG] Mandatory-to-implement token type Leif Johansson
- Re: [OAUTH-WG] Mandatory-to-implement token type Leif Johansson
- Re: [OAUTH-WG] Mandatory-to-implement token type William Mills
- Re: [OAUTH-WG] Mandatory-to-implement token type Blaine Cook
- Re: [OAUTH-WG] Mandatory-to-implement token type Leif Johansson
- Re: [OAUTH-WG] Mandatory-to-implement token type Barry Leiba
- Re: [OAUTH-WG] Mandatory-to-implement token type Stephen Farrell