Re: [OAUTH-WG] Flowchart for legs of OAuth
Phil Hunt <phil.hunt@oracle.com> Wed, 23 March 2011 18:10 UTC
Return-Path: <phil.hunt@oracle.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A853628C0EB for <oauth@core3.amsl.com>; Wed, 23 Mar 2011 11:10:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.561
X-Spam-Level:
X-Spam-Status: No, score=-6.561 tagged_above=-999 required=5 tests=[AWL=0.037, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, UNPARSEABLE_RELAY=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KqwAd2UYulT5 for <oauth@core3.amsl.com>; Wed, 23 Mar 2011 11:10:24 -0700 (PDT)
Received: from rcsinet10.oracle.com (rcsinet10.oracle.com [148.87.113.121]) by core3.amsl.com (Postfix) with ESMTP id 6BCC928C0D6 for <oauth@ietf.org>; Wed, 23 Mar 2011 11:10:24 -0700 (PDT)
Received: from rcsinet15.oracle.com (rcsinet15.oracle.com [148.87.113.117]) by rcsinet10.oracle.com (Switch-3.4.2/Switch-3.4.2) with ESMTP id p2NIBuNR021385 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 23 Mar 2011 18:11:57 GMT
Received: from acsmt357.oracle.com (acsmt357.oracle.com [141.146.40.157]) by rcsinet15.oracle.com (Switch-3.4.2/Switch-3.4.1) with ESMTP id p2NIBtB3027283 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 23 Mar 2011 18:11:55 GMT
Received: from abhmt007.oracle.com (abhmt007.oracle.com [141.146.116.16]) by acsmt357.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id p2NIBtQC021253; Wed, 23 Mar 2011 13:11:55 -0500
Received: from dhcp-rmdc-twvpn-1-vpnpool-10-159-15-134.vpn.oracle.com (/10.159.15.134) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 23 Mar 2011 11:11:54 -0700
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="us-ascii"
From: Phil Hunt <phil.hunt@oracle.com>
In-Reply-To: <4D84F7E2.6090305@redhat.com>
Date: Wed, 23 Mar 2011 11:11:54 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <16B9A882-6204-4CBD-B7E3-1D806AF5056C@oracle.com>
References: <22FB565B-A701-4502-818F-15164D9E201A@oracle.com> <AANLkTimGjiCGk5dpA=YVzq5vDkLR2+caSz=pZ5WiZO9H@mail.gmail.com> <3C84AD7A-F00F-43EC-AAD3-AD2DCFB46B0E@oracle.com> <90C41DD21FB7C64BB94121FBBC2E7234464F432BB0@P3PW5EX1MB01.EX1.SECURESERVER.NET> <4D84F7E2.6090305@redhat.com>
To: Anil Saldhana <Anil.Saldhana@redhat.com>, Eran Hammer-Lahav <eran@hueniverse.com>
X-Mailer: Apple Mail (2.1084)
X-Source-IP: acsmt357.oracle.com [141.146.40.157]
X-Auth-Type: Internal IP
X-CT-RefId: str=0001.0A090201.4D8A37EC.004B,ss=1,fgs=0
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Flowchart for legs of OAuth
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Mar 2011 18:10:25 -0000
FYI. I have posted a new version of the flows on my blog showing the new terminology as discussed here. Feedback appreciated. http://independentidentity.blogspot.com/2011/03/oauth-flows-extended.html Phil phil.hunt@oracle.com On 2011-03-19, at 11:37 AM, Anil Saldhana wrote: > I agree. "2 party oauth", "3 party oauth" tells what it is, rather than > "3 legged oauth". > > On 03/18/2011 07:20 PM, Eran Hammer-Lahav wrote: >> The legs terminology is just plain awful. I prefer parties, roles, anything else. >> >> EHL >> >>> -----Original Message----- >>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf >>> Of Phillip Hunt >>> Sent: Friday, March 18, 2011 5:07 PM >>> To: David Primmer >>> Cc: OAuth WG >>> Subject: Re: [OAUTH-WG] Flowchart for legs of OAuth >>> >>> I agree with what you are saying. We were having trouble understanding legs >>> too, so I came up with the diagram. The diagram does show the parties >>> aspect. But I remain uncomfortable about the terminology. >>> >>> Phil >>> >>> Sent from my phone. >>> >>> On 2011-03-18, at 15:55, David Primmer<primmer@google.com> wrote: >>> >>>> Hi Phil, >>>> >>>> I actually think this rephrasing of the rule of thumb is not really >>>> helpful based on how the word "legs" has been used in my experience of >>>> discussing and teaching OAuth. I actually tried to be pretty explicit >>>> about this topic in a talk I did at Google I/O last year because we >>>> have lots of questions about 2 versus 3 legged OAuth since the launch >>>> of the Google Apps Marketplace. >>>> http://www.youtube.com/watch?v=0L_dEOjhADQ. I speak about 17mins >>> in. >>>> We have traditionally used the terms two legged OAuth and three legged >>>> OAuth to describe the trust relationships involved in the grant. I >>>> think your interpretation is very different and not a common way to >>>> use the terms 'legs' in relation to OAuth and will simply confuse >>>> people. 2LO involves a client authenticating itself to a server. 3LO >>>> involves those two previous actors, plus a user/resource owner who >>>> delegates permissions to the client. In everyday use, 2LO is 'server >>>> to server' auth with out of band permissions and user identity and 3LO >>>> involves an individual grant where the user's grant is identified by a >>>> token given to the client and passed to the server on access. Another >>>> way to look at it is 2LO is just HTTP request signing. >>>> >>>> davep >>>> >>>> On Mon, Feb 21, 2011 at 4:45 PM, Phil Hunt<phil.hunt@oracle.com> wrote: >>>>> FYI. I published a blog post with a flow-chart explaining the legs of OAuth. >>>>> http://independentidentity.blogspot.com/2011/02/does-oauth-have- >>> legs. >>>>> html >>>>> >>>>> Please let me know if any corrections should be made, or for that matter, >>> any improvements! >>>>> Phil >>>>> phil.hunt@oracle.com >>>>> > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] Flowchart for legs of OAuth Phil Hunt
- Re: [OAUTH-WG] Flowchart for legs of OAuth Anthony Nadalin
- Re: [OAUTH-WG] Flowchart for legs of OAuth Torsten Lodderstedt
- Re: [OAUTH-WG] Flowchart for legs of OAuth Phil Hunt
- Re: [OAUTH-WG] Flowchart for legs of OAuth David Primmer
- Re: [OAUTH-WG] Flowchart for legs of OAuth Phillip Hunt
- Re: [OAUTH-WG] Flowchart for legs of OAuth Eran Hammer-Lahav
- Re: [OAUTH-WG] Flowchart for legs of OAuth Anil Saldhana
- Re: [OAUTH-WG] Flowchart for legs of OAuth Phil Hunt
- Re: [OAUTH-WG] Flowchart for legs of OAuth Torsten Lodderstedt
- Re: [OAUTH-WG] Flowchart for legs of OAuth Marius Scurtescu
- Re: [OAUTH-WG] Flowchart for legs of OAuth Phil Hunt
- Re: [OAUTH-WG] Flowchart for legs of OAuth Phil Hunt
- Re: [OAUTH-WG] Flowchart for legs of OAuth Marius Scurtescu
- Re: [OAUTH-WG] Flowchart for legs of OAuth Torsten Lodderstedt
- Re: [OAUTH-WG] Flowchart for legs of OAuth Kris Selden
- Re: [OAUTH-WG] Flowchart for legs of OAuth Phil Hunt
- Re: [OAUTH-WG] Flowchart for legs of OAuth Skylar Woodward
- Re: [OAUTH-WG] Flowchart for legs of OAuth Marius Scurtescu
- Re: [OAUTH-WG] Flowchart for legs of OAuth Skylar Woodward
- Re: [OAUTH-WG] Flowchart for legs of OAuth Kris Selden
- Re: [OAUTH-WG] Flowchart for legs of OAuth Anthony Nadalin
- Re: [OAUTH-WG] Flowchart for legs of OAuth Marius Scurtescu
- Re: [OAUTH-WG] Flowchart for legs of OAuth Phil Hunt
- Re: [OAUTH-WG] Flowchart for legs of OAuth Zeltsan, Zachary (Zachary)
- Re: [OAUTH-WG] Flowchart for legs of OAuth Justin Richer
- Re: [OAUTH-WG] Flowchart for legs of OAuth Marius Scurtescu
- Re: [OAUTH-WG] Flowchart for legs of OAuth Phil Hunt
- Re: [OAUTH-WG] Flowchart for legs of OAuth Torsten Lodderstedt
- Re: [OAUTH-WG] Flowchart for legs of OAuth Zeltsan, Zachary (Zachary)
- Re: [OAUTH-WG] Flowchart for legs of OAuth Skylar Woodward
- Re: [OAUTH-WG] Flowchart for legs of OAuth Marius Scurtescu
- Re: [OAUTH-WG] Flowchart for legs of OAuth Phil Hunt
- Re: [OAUTH-WG] Flowchart for legs of OAuth torsten
- Re: [OAUTH-WG] Flowchart for legs of OAuth Justin Richer
- Re: [OAUTH-WG] Flowchart for legs of OAuth Phillip Hunt
- Re: [OAUTH-WG] Flowchart for legs of OAuth Chuck Mortimore
- Re: [OAUTH-WG] Flowchart for legs of OAuth Zeltsan, Zachary (Zachary)
- Re: [OAUTH-WG] Flowchart for legs of OAuth Skylar Woodward
- Re: [OAUTH-WG] Flowchart for legs of OAuth Torsten Lodderstedt
- Re: [OAUTH-WG] Flowchart for legs of OAuth Skylar Woodward
- Re: [OAUTH-WG] Flowchart for legs of OAuth Skylar Woodward
- Re: [OAUTH-WG] Flowchart for legs of OAuth Torsten Lodderstedt
- Re: [OAUTH-WG] Flowchart for legs of OAuth Phil Hunt
- Re: [OAUTH-WG] Flowchart for legs of OAuth torsten
- Re: [OAUTH-WG] Flowchart for legs of OAuth Phil Hunt
- Re: [OAUTH-WG] Flowchart for legs of OAuth Skylar Woodward
- Re: [OAUTH-WG] Flowchart for legs of OAuth Skylar Woodward
- Re: [OAUTH-WG] Flowchart for legs of OAuth Phil Hunt
- Re: [OAUTH-WG] Flowchart for legs of OAuth Justin Richer
- Re: [OAUTH-WG] Flowchart for legs of OAuth Phillip Hunt