Re: [OAUTH-WG] Client cannot specify the token type it needs

William Mills <wmills_92105@yahoo.com> Mon, 21 January 2013 05:45 UTC

Date: Sun, 20 Jan 2013 21:44:45 -0800 (PST)
From: William Mills <wmills_92105@yahoo.com>
To: "zhou.sujing@zte.com.cn" <zhou.sujing@zte.com.cn>, Prabath Siriwardena <prabath@wso2.com>
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Client cannot specify the token type it needs

Not a problem for the client to request a type, but it may not get it.


________________________________
 From: "zhou.sujing@zte.com.cn" <zhou.sujing@zte.com.cn>
To: Prabath Siriwardena <prabath@wso2.com> 
Cc: "oauth@ietf.org WG" <oauth@ietf.org>; William Mills <wmills_92105@yahoo.com> 
Sent: Sunday, January 20, 2013 9:38 PM
Subject: Re: Re: Re: [OAUTH-WG] Client cannot specify the token type it needs
 


Well, if RS could specify token type, then Client could transfer it to AS,
I think, but it is not a good idea for client itself to specify the token type.


Prabath Siriwardena <prabath@wso2.com> wrote on 2013-01-21 13:29:05:

> Think about a distributed setup. You have single Authorization 
> Server and multiple Resource Servers. 
> 
> Although OAuth nicely decouples AS from RS - AFAIK there is no 
> standard established for communication between AS and RS - how to 
> declare metadata between those. 
> 
> Also there can be Resource Servers which support multiple token 
> types. It could vary on APIs hosted in a given RS. 
> 
> Thanks & regards, 
> -Prabath 
> 
> On Mon, Jan 21, 2013 at 10:48 AM, <zhou.sujing@zte.com.cn> wrote: 
> 
> The token type should be decided by resource server, which consumes 
> access token. 
> Client just re-tells the requested token type to AS. 
> Client should not specify the token type. 
> 
> 
> oauth-bounces@ietf.org wrote on 2013-01-21 13:08:39: 
> 
> 
> > This is true.  It's possible for the AS to vary its behavior on 
> > scope name, but it's presumed the AS and RS have an agreement of 
> > what token type is in play.  Likely a good extension to the spec. 
> 
> >  
> > From: Prabath Siriwardena <prabath@wso2.com>
> > To: "oauth@ietf.org WG" <oauth@ietf.org> 
> > Sent: Sunday, January 20, 2013 7:28 PM
> > Subject: [OAUTH-WG] Client cannot specify the token type it needs 
> 
> > 
> > Although token type is extensible according to the OAuth core 
> > specification - it is fully governed by the Authorization Server. 
> > 
> > There can be a case where a single AS supports multiple token types 
> > based on client request. 
> > 
> > But currently we don't have a way the client can specify (or at 
> > least suggest) which token type it needs in the OAuth access token request? 
> > 
> > Is this behavior intentional? Or am I missing something... 
> > 
> > Thanks & Regards,
> > Prabath 
> > 
> > Mobile : +94 71 809 6732 
> > 
> > http://blog.facilelogin.com
> > http://RampartFAQ.com 
> > 
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth
> > 
> 
> -- 
> Thanks & Regards,
> Prabath 
> 
> Mobile : +94 71 809 6732 
> 
> http://blog.facilelogin.com
> http://RampartFAQ.com
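
An added example, not part of the thread or of any participant's code: because the AS governs the token type, a client that has a preference still has to check the `token_type` it actually received (RFC 6749 sections 5.1 and 7.1) before using the token. The sketch assumes the client learns which schemes the RS accepts from its `WWW-Authenticate` challenges, one challenge per header value; `CLIENT_SUPPORTED`, `select_token` and the sample values are hypothetical names and constructed data.

```python
import json

# Token types this client implements (assumption for the example).
CLIENT_SUPPORTED = {"bearer", "mac"}

# Constructed sample data, not taken from the thread.
SAMPLE_RESPONSE = (
    '{"access_token": "constructed-token-1", '
    '"token_type": "Bearer", "expires_in": 3600}'
)
SAMPLE_CHALLENGES = ['Bearer realm="example"', "MAC"]


def rs_schemes(challenges):
    """Lowercased auth-scheme names from WWW-Authenticate values.

    Simplification: each list item holds exactly one challenge.
    """
    return {c.split(None, 1)[0].lower() for c in challenges if c.strip()}


def select_token(token_response_body, challenges, wanted=None):
    """Validate a token response before the token is used.

    Returns (access_token, issued_type, got_preferred).
    Raises ValueError when the token must not be used.
    `wanted` is only the client's preference; the AS may ignore it.
    """
    resp = json.loads(token_response_body)
    token_type = resp.get("token_type")
    if not isinstance(token_type, str) or not resp.get("access_token"):
        raise ValueError("malformed token response")

    issued = token_type.lower()  # token_type is compared case-insensitively
    if issued not in CLIENT_SUPPORTED:
        # RFC 6749 section 7.1: never use a token of a type the client
        # does not understand.
        raise ValueError(f"unsupported token_type {token_type!r}")
    if issued not in rs_schemes(challenges):
        # The AS issued a type this RS did not advertise.
        raise ValueError(f"resource server does not accept {token_type!r}")

    # A mismatch with the preference is not an error, only a fact to report.
    got_preferred = wanted is None or issued == wanted.lower()
    return resp["access_token"], issued, got_preferred


if __name__ == "__main__":
    print(select_token(SAMPLE_RESPONSE, SAMPLE_CHALLENGES, wanted="mac"))
```
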