Re: [OAUTH-WG] Audience parameter in authorization flow

Hannes Tschofenig <hannes.tschofenig@gmx.net> Wed, 21 August 2013 16:40 UTC


That's certainly true although the referenced document did not talk 
about the registration phase but rather about the time when the client 
talks to the authorization server to obtain an access token.

Maybe UMA has provided a story for this already...

On 08/21/2013 06:35 PM, Phil Hunt wrote:
> This could be bound up in the client registration process since oauth clients don't authorize for random "targets".
>
> Phil
>
> @independentid
> www.independentid.com
> phil.hunt@oracle.com
>
> On 2013-08-21, at 9:30 AM, "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com> wrote:
>
>> Hi Sergey,
>>
>> The idea of the audience was to provide a way for the client to indicate the resource server it wants to talk to explicitly rather than overloading the scope field. We certainly need that capability for the MAC token work.
>>
>> The audience information is provided when the client interacts with the AS.
>>
>> Ciao
>> Hannes
>>
>>
>>> -----Original Message-----
>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
>>> Of ext Sergey Beryozkin
>>> Sent: Sunday, August 18, 2013 6:32 PM
>>> To: <oauth@ietf.org>
>>> Subject: [OAUTH-WG] Audience parameter in authorization flow
>>>
>>> Hi Hannes, All,
>>>
>>> Regarding [1], where would you expect an audience parameter to be
>>> provided during the authorization flow?
>>>
>>> It appears to me it should be provided during the initial redirect
>>> (similarly to a parameter like redirect_uri).
>>>
>>> Also, would it make sense to support pre-registered audience values,
>>> for example, a client registers and specifies an audience during the
>>> registration?
>>>
>>> Thanks, Sergey
>>>
>>> [1] http://tools.ietf.org/html/draft-tschofenig-oauth-audience-00
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth
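As an added example (not code from draft-tschofenig-oauth-audience-00 or from any of the posters above), the following sketches the two ideas discussed in this thread together: the client names the resource server explicitly through an `audience` parameter when it talks to the AS instead of overloading `scope`, and the AS only honours audiences the client pre-registered, binding the accepted value into the token so the resource server can refuse tokens minted for a different audience. The client registry, client id, URLs, key and the HMAC-protected token format are constructed for illustration only.

```python
"""Audience handling at an OAuth authorization server and resource server.

Constructed example: a client registers the audiences it may request, asks for
one of them explicitly when obtaining a token, and the AS binds that audience
into the token. A resource server then accepts only tokens carrying its own
identifier in the audience, so a token issued for one RS is useless at another.
"""
import base64
import hashlib
import hmac
import json

# Constructed registry: audiences fixed at client registration time.
REGISTERED_AUDIENCES = {
    "client-photo-app": {"https://photos.example.com", "https://print.example.com"},
}

# Constructed shared key between AS and RS; a real deployment would use proper
# key management (or asymmetric signatures) rather than a literal in code.
SIGNING_KEY = b"constructed-demo-key"


class AudienceError(ValueError):
    """Raised by the AS when the requested audience cannot be honoured."""


def issue_token(client_id: str, scope: str, audience: str) -> str:
    """AS token endpoint: validate the explicit audience, then bind it in."""
    allowed = REGISTERED_AUDIENCES.get(client_id)
    if allowed is None:
        raise AudienceError("unknown client")
    if audience not in allowed:
        raise AudienceError(f"audience {audience!r} not registered for {client_id}")
    payload = {"client_id": client_id, "scope": scope, "aud": audience}
    body = base64.urlsafe_b64encode(
        json.dumps(payload, sort_keys=True).encode()).rstrip(b"=")
    tag = hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + tag


def verify_at_resource_server(token: str, my_identifier: str) -> bool:
    """RS check: integrity first, then the token's audience must be this RS."""
    body, _, tag = token.rpartition(".")
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return False
    padded = body + "=" * (-len(body) % 4)
    payload = json.loads(base64.urlsafe_b64decode(padded))
    return payload.get("aud") == my_identifier
```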