[OAUTH-WG] Dynamic Registration and Resource API Targeting

Phil Hunt <phil.hunt@oracle.com> Tue, 04 June 2013 23:11 UTC

How is targeting achieved in dynamic registration? Or, in other words, how do we know what API is referred to within the scope? Is the registration endpoint generic or to be matched with each resource API?

For example, in Google's manual registration system, they ask which APIs the clients will access. This keeps scope from getting complex later on.

I'm worried about attempting to overload scope for this purpose during registration.

I suppose if a client can only register for one API at a time, then the usual OAuth2 techniques for targeting would apply.

Phil

@independentid
www.independentid.com
phil.hunt@oracle.com