Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CBD5E1F0CA6 for ; Tue, 29 Nov 2011 12:59:17 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -16.995 X-Spam-Level: X-Spam-Status: No, score=-16.995 tagged_above=-999 required=5 tests=[AWL=0.603, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_DEF_WHITELIST=-15] Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oY1db2kc74zD for ; Tue, 29 Nov 2011 12:59:13 -0800 (PST) Received: from nm27-vm0.bullet.mail.bf1.yahoo.com (nm27-vm0.bullet.mail.bf1.yahoo.com [98.139.213.139]) by ietfa.amsl.com (Postfix) with SMTP id 73B751F0CAB for ; Tue, 29 Nov 2011 12:59:13 -0800 (PST) Received: from [98.139.215.141] by nm27.bullet.mail.bf1.yahoo.com with NNFMP; 29 Nov 2011 20:59:10 -0000 Received: from [98.139.212.236] by tm12.bullet.mail.bf1.yahoo.com with NNFMP; 29 Nov 2011 20:59:10 -0000 Received: from [127.0.0.1] by omp1045.mail.bf1.yahoo.com with NNFMP; 29 Nov 2011 20:59:10 -0000 X-Yahoo-Newman-Property: ymail-3 X-Yahoo-Newman-Id: 451124.75707.bm@omp1045.mail.bf1.yahoo.com Received: (qmail 32957 invoked by uid 60001); 29 Nov 2011 20:59:09 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo-inc.com; s=ginc1024; t=1322600349; bh=2iW5F3qlnA+oPeyxw42VOBpzUN2ZML1dMrY9ZdML+lk=; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=Vp3nnJPNHXwoUc4B4ImwaA6qy17GBb0ZvimPU/K56ofYlDVGg0O4OuSsYjGEyuv2LmWFfPae3jml5+ff/LZTceOhZMw4a3DBXB3mRVAmArvWXhNpomgLdQWC3wwIHblfbgACJp2szLcJy00hnhg4II1qyhHSZ5FMnR21UC3C1+g= DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ginc1024; d=yahoo-inc.com; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=sjbAmKkjtWTBmfkLDhbrpk+NBbihRGU4JCk0oIz6ZH3BYiYXpUTkJsSiqv/4uoi3dtDcxqTvMeLAzVwPOx350pbR8Bh3t50QkYqB49H9acFbwWQ9BLxKeUImIg+oPk4ncqwwws8nzOphG+gXNsLu7Pe/GfSU1a5i7QTEjcViQ54=; X-YMail-OSG: nVgJ_qwVM1kfIGGV0rmZ4dBEWIpv8bI8q0MakvtNEl8PFF1 _s3Nd00wm0gzcGYBTi3YjPUXk6LB9jjenxCTXukG5tpixoCaR7cBN2Cidthz JM0CZ_qakhB9oI3Rt1T_GcGlyAfX6C78Z4iCg7e337V7028FTDww30xcQlgS YRVkFNh2isvatlIHG1RwgXFdVYgVL1aa2CnsSEMK7THgKEpMTA4S2hCnTe9f SizIB4Dpe.0aP4IeEreBBZPnUca4taUWs3gm3mfjLunCzgKzchrVzyLtCQC2 x9NcxNjitbiVRstk1azVJd4ch9QzrFimaGXs0Bih34OCAuk529mtHmSOfCoR xCTziQr1yPt9XzdnA4Q0Y4V0BxVRhh2nKuk208IFTlQoX9xvUCIARt5ib5Lx qwm8xU.5Y64R4ZIq4Vmc12sNfxaZ3.WjMY8vn Received: from [209.131.62.115] by web31804.mail.mud.yahoo.com via HTTP; Tue, 29 Nov 2011 12:59:09 PST X-RocketYMMF: william_john_mills X-Mailer: YahooMailWebService/0.8.116.331537 References: <90C41DD21FB7C64BB94121FBBC2E723452856C6DBE@P3PW5EX1MB01.EX1.SECURESERVER.NET> Message-ID: <1322600349.22998.YahooMailNeo@web31804.mail.mud.yahoo.com> Date: Tue, 29 Nov 2011 12:59:09 -0800 (PST) From: William Mills To: Brian Hawkins , "oauth@ietf.org" In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="835683298-611104942-1322600349=:22998" Subject: Re: [OAUTH-WG] 2 Leg with OAuth 2.0 X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: William Mills List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Nov 2011 20:59:17 -0000 --835683298-611104942-1322600349=:22998 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable This isn't really OAuth, this is a trust relationship between A and B.=A0 O= Auth is providing an avenue for the user to approve access because the user= owns the resource.=A0 That's why this doesn't really fit what you are tryi= ng to do.=0A=0A=0AYou could use MAC signatures to secure the transactions w= ith a shared secret, sure.=A0 Just decide on a single (or pair) of secrest = to use in all cases one for the client and one for the "user" secret, which= isn't really a user secret, it's your global shared secret.=0A=0A-bill=0A= =0A=0A=0A________________________________=0A From: Brian Hawkins =0ATo: "oauth@ietf.org" =0ASent: Tuesday, Novemb= er 29, 2011 12:27 PM=0ASubject: Re: [OAUTH-WG] 2 Leg with OAuth 2.0=0A =0A= =0AMaybe I'm making this harder then it should be. =A0=0A=0AHere is the sit= uation: =A0Site A and B both trust each other. =A0Site A needs to update us= er information at site B.=0A=0AWith OAuth 1.0 Site A would use it's consume= r key and secret to sign the update call to Site B (no access token involve= d). =A0Only one message is sent.=0A=0AThe closest I can come to the above w= ith OAuth 2.0 is to use the MAC token scheme and sign the request with the = consumer secret. =A0Is that valid? =A0I kind of get the idea that the proto= col doesn't care.=0A=0AIt feels like the bearer scheme just doesn't work fo= r what I'm trying to do.=0A=0AThanks=0A=0ABrian=0A=0A=0AOn Tue, Nov 29, 201= 1 at 1:06 PM, Eran Hammer-Lahav wrote:=0A=0AThis func= tionality can be implemented in two main ways:=0A>=A0=0A>1.=A0=A0=A0=A0=A0= =A0 Using the client credentials flow to get an access token, then using th= e protocol as usual=0A>2.=A0=A0=A0=A0=A0=A0 Just using the Bearer (over SSL= ) or MAC token schemes without the rest of OAuth=0A>=A0=0A>EHL=0A>=A0=0A>Fr= om:oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Bria= n Hawkins=0A>Sent: Tuesday, November 29, 2011 11:49 AM=0A>To: oauth@ietf.or= g=0A>Subject: [OAUTH-WG] 2 Leg with OAuth 2.0=0A>=A0=0A>I'm having trouble = finding information on how to do 2leg authentication with OAuth 2.0. =A0Doe= s it even support it?=0A>=A0=0A>Thanks=0A>Brian=0A=0A______________________= _________________________=0AOAuth mailing list=0AOAuth@ietf.org=0Ahttps://w= ww.ietf.org/mailman/listinfo/oauth --835683298-611104942-1322600349=:22998 Content-Type: text/html; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable
This isn't really OAuth, this is a trust relationship between A and B.&nb= sp; OAuth is providing an avenue for the user to approve access because the= user owns the resource.  That's why this doesn't really fit what you = are trying to do.

Yo= u could use MAC signatures to secure the transactions with a shared secret,= sure.  Just decide on a single (or pair) of secrest to use in all cas= es one for the client and one for the "user" secret, which isn't really a u= ser secret, it's your global shared secret.

-bill

= From: Brian Hawkins <b= rian@lingotek.com>
To:<= /b> "oauth@ietf.org" <oauth@ietf.org>
Sent: Tuesday, November 29, 2011 12:27 PM
Subject: Re: [OAUTH-WG] 2 Leg wi= th OAuth 2.0
=0A
Maybe I'm making = this harder then it should be.  

Here is the situat= ion:  Site A and B both trust each other.  Site A needs to update= user information at site B.

With OAuth 1.0 Site A= would use it's consumer key and secret to sign the update call to Site B (= no access token involved).  Only one message is sent.
=0A=0A
=
The closest I can come to the above with OAuth 2.0 is to use= the MAC token scheme and sign the request with the consumer secret.  = Is that valid?  I kind of get the idea that the protocol doesn't care.=
=0A=0A

It feels like the bearer scheme just doesn'= t work for what I'm trying to do.

Thanks

Brian

On Tue= , Nov 29, 2011 at 1:06 PM, Eran Hammer-Lahav <eran@hueniverse.com> wrote:=0A=0A
This functionality can be implemented in two main ways:
=0A=0A
 
1.       = Using the client credentials flow to get an access token, then using t= he protocol as usual
=0A=0A
2.&= nbsp;      Just using = the Bearer (over SSL) or MAC token schemes without the rest of OAuth=
=0A=0A
 
EHL
=0A=0A
 
=0A=0A
From: oauth-bounces@i= etf.org [mailto:oauth-bounc= es@ietf.org] On Behalf Of Brian Hawkins
=0A=0ASent: Tu= esday, November 29, 2011 11:49 AM
To: oauth@ietf.org
Subject: [OAUTH-WG] 2 Leg with OAuth 2.0
=0A=0A 
I'm having trouble finding information on how to do = 2leg authentication with OAuth 2.0.  Does it even support it?
=0A=0A 
Thanks
Brian=

=0A
_______________________________________________
OAuth mailing lis= t
OA= uth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

<= br> --835683298-611104942-1322600349=:22998--