Re: [OAUTH-WG] Authentication Methods

Justin Richer <jricher@mitre.org> Wed, 02 November 2011 21:09 UTC

Please clarify what you're asking, if you would: There are two kinds of
authentication which happen with OAuth: client authentication and user
authentication, neither of which is standardized on two-way TLS.

Client authentication happens at the token endpoint and is described in
section 2.3, which recommends use of HTTP Basic but allows for form
parameters or other, out-of-scope methods such as client assertions. 

User authentication happens at the authorization endpoint and is
completely outside of the scope of OAuth (by design). You can use
whatever means you like to authenticate the user here, from a local
username/password, OpenID, SAML, NTLM, whatever. OAuth makes no
assumptions about how that happens and makes no recommendations, either.

 -- Justin

On Wed, 2011-11-02 at 16:59 -0400, Elliot Cameron wrote:
> What are some common or suggested authentication methods that are used
> in conjunction with OAuth 2.0?
> Is TLS/SSL the only standard one or do people normally roll their own
> authentication within OAuth's flows?
> 
> Elliot Cameron
> 
> Covenant Eyes Software Developer
> 
> elliot.cameron@covenanteyes.com
> 
> 810-771-8322
> 
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
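
Added example, not part of the original message or of any OAuth library: a Python check a token endpoint could run for the two client authentication forms named in the reply above (HTTP Basic and form parameters). The registry, function names and sample credentials are constructed; the one-method-per-request and form-urlencoding rules are taken from RFC 6749 section 2.3.1, and `form` is assumed to be an already-decoded request body.

```python
import base64
import hmac
from urllib.parse import unquote_plus

# Constructed registry for the example; a real server would store secrets hashed.
CLIENTS = {"example-client": "correct horse:battery"}

class ClientAuthError(Exception):
    """Maps to the OAuth 'invalid_client' error response."""

def _from_basic(header):
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic" or not blob:
        raise ClientAuthError("unsupported Authorization scheme")
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except ValueError as exc:  # binascii.Error and UnicodeDecodeError are ValueErrors
        raise ClientAuthError("malformed Basic credentials") from exc
    client_id, sep, secret = decoded.partition(":")
    if not sep:
        raise ClientAuthError("malformed Basic credentials")
    # RFC 6749 2.3.1: id and secret are form-urlencoded before Basic encoding,
    # so a ':' or space inside the secret arrives here as %3A or '+'.
    return unquote_plus(client_id), unquote_plus(secret)

def authenticate_client(headers, form):
    """Return the authenticated client_id, or raise ClientAuthError."""
    auth = headers.get("Authorization")
    in_body = "client_secret" in form
    if auth and in_body:
        # RFC 6749 2.3.1: only one authentication method per request.
        raise ClientAuthError("more than one client authentication method")
    if auth:
        client_id, secret = _from_basic(auth)
    elif in_body:
        client_id, secret = form.get("client_id", ""), form["client_secret"]
    else:
        raise ClientAuthError("no client credentials presented")
    expected = CLIENTS.get(client_id)
    # Compare even for unknown ids so timing does not reveal which clients exist.
    ok = hmac.compare_digest(secret.encode(), (expected or "").encode())
    if expected is None or not ok:
        raise ClientAuthError("unknown client or wrong secret")
    return client_id
```

User authentication at the authorization endpoint is deliberately absent here, since the reply places it outside OAuth's scope.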