Re: [OAUTH-WG] Why OAuth it self is not an authentication framework ?

Paul Madsen <paul.madsen@gmail.com> Tue, 05 February 2013 21:12 UTC

Message-ID: <511175AA.9030301@gmail.com>
Date: Tue, 05 Feb 2013 16:12:10 -0500
From: Paul Madsen <paul.madsen@gmail.com>
To: John Bradley <ve7jtb@ve7jtb.com>
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Why OAuth it self is not an authentication framework ?

why pigeonhole it?

OAuth can be deployed with no authz semantics at all (or at least as 
little as any authn mechanism), e.g. client creds grant type with no scopes

I agree that OAuth is not an *SSO* protocol.

On 2/5/13 3:36 PM, John Bradley wrote:
> OAuth is an Authorization protocol as many of us have pointed out.
>
> The post is largely correct and based on one of mine.
>
> John B.
>
> On 2013-02-05, at 12:52 PM, Prabath Siriwardena <prabath@wso2.com> wrote:
>
>> FYI and for your comments..
>>
>> http://blog.facilelogin.com/2013/02/why-oauth-it-self-is-not-authentication.html
>> Thanks & Regards,
>> Prabath
>>
>> Mobile : +94 71 809 6732
>>
>> http://blog.facilelogin.com
>> http://RampartFAQ.com