Re: [OAUTH-WG] Best practices on client_id
Todd W Lainhart <lainhart@us.ibm.com> Fri, 25 January 2013 14:32 UTC
Return-Path: <lainhart@us.ibm.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D67E21F8423 for <oauth@ietfa.amsl.com>; Fri, 25 Jan 2013 06:32:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.329
X-Spam-Level:
X-Spam-Status: No, score=-10.329 tagged_above=-999 required=5 tests=[AWL=0.269, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pTxTagVOdScJ for <oauth@ietfa.amsl.com>; Fri, 25 Jan 2013 06:32:11 -0800 (PST)
Received: from e7.ny.us.ibm.com (e7.ny.us.ibm.com [32.97.182.137]) by ietfa.amsl.com (Postfix) with ESMTP id 9E8BE21F841E for <oauth@ietf.org>; Fri, 25 Jan 2013 06:32:11 -0800 (PST)
Received: from /spool/local by e7.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for <oauth@ietf.org> from <lainhart@us.ibm.com>; Fri, 25 Jan 2013 09:32:10 -0500
Received: from d01dlp02.pok.ibm.com (9.56.250.167) by e7.ny.us.ibm.com (192.168.1.107) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Fri, 25 Jan 2013 09:32:08 -0500
Received: from d01relay02.pok.ibm.com (d01relay02.pok.ibm.com [9.56.227.234]) by d01dlp02.pok.ibm.com (Postfix) with ESMTP id 0A8A66E803F; Fri, 25 Jan 2013 09:32:06 -0500 (EST)
Received: from d01av04.pok.ibm.com (d01av04.pok.ibm.com [9.56.224.64]) by d01relay02.pok.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id r0PEW7t3263108; Fri, 25 Jan 2013 09:32:07 -0500
Received: from d01av04.pok.ibm.com (loopback [127.0.0.1]) by d01av04.pok.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP id r0PEW6n4010329; Fri, 25 Jan 2013 09:32:06 -0500
Received: from d01ml255.pok.ibm.com (d01ml255.pok.ibm.com [9.63.10.54]) by d01av04.pok.ibm.com (8.14.4/8.13.1/NCO v10.0 AVin) with ESMTP id r0PEW6j9010315; Fri, 25 Jan 2013 09:32:06 -0500
In-Reply-To: <5102919D.5020601@dit.upm.es>
References: <5102919D.5020601@dit.upm.es>
To: Antonio Tapiador del Dujo <atapiador@dit.upm.es>
MIME-Version: 1.0
X-KeepSent: 530F869B:95D9C743-85257AFE:004F70AA; type=4; name=$KeepSent
X-Mailer: Lotus Notes Release 8.5.3FP2 SHF22 July 19, 2012
Message-ID: <OF530F869B.95D9C743-ON85257AFE.004F70AA-85257AFE.004FD787@us.ibm.com>
From: Todd W Lainhart <lainhart@us.ibm.com>
Date: Fri, 25 Jan 2013 09:32:05 -0500
X-MIMETrack: Serialize by Router on D01ML255/01/M/IBM(Release 8.5.3FP2 ZX853FP2HF4|December 14, 2012) at 01/25/2013 09:32:06, Serialize complete at 01/25/2013 09:32:06
Content-Type: multipart/alternative; boundary="=_alternative 004FD78785257AFE_="
X-Content-Scanned: Fidelis XPS MAILER
x-cbid: 13012514-5806-0000-0000-00001EBD9FDE
Cc: "oauth@ietf.org" <oauth@ietf.org>, oauth-bounces@ietf.org
Subject: Re: [OAUTH-WG] Best practices on client_id
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Jan 2013 14:32:12 -0000
There can't be any security requirements for the client_id - it serves to identify both public and confidential clients. It's only requirement be that it be a unique identifier (across public and confidential clients) in the domain of clients that the AS serves. Todd Lainhart Rational software IBM Corporation 550 King Street, Littleton, MA 01460-1250 1-978-899-4705 2-276-4705 (T/L) lainhart@us.ibm.com From: Antonio Tapiador del Dujo <atapiador@dit.upm.es> To: "oauth@ietf.org" <oauth@ietf.org>, Date: 01/25/2013 09:09 AM Subject: [OAUTH-WG] Best practices on client_id Sent by: oauth-bounces@ietf.org Are there any recommendations for the authorization server when generating a client_id. Any security consideration? Should the client_id be a random string or it is save being just the database primary key? Kind regards. _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] Best practices on client_id Antonio Tapiador del Dujo
- Re: [OAUTH-WG] Best practices on client_id Todd W Lainhart