[OAUTH-WG] Authorization Request via back channel / direct communication?

Lewis Adam-CAL022 <Adam.Lewis@motorolasolutions.com> Fri, 08 June 2012 22:43 UTC

From: Lewis Adam-CAL022 <Adam.Lewis@motorolasolutions.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: Authorization Request via back channel / direct communication?
Thread-Index: Ac1FyBd3lOmctaVIR/OLtuzN7H7cRQ==
Date: Fri, 08 Jun 2012 22:43:19 +0000
Message-ID: <59E470B10C4630419ED717AC79FCF9A90AED9537@BL2PRD0410MB363.namprd04.prod.outlook.com>
Subject: [OAUTH-WG] Authorization Request via back channel / direct communication?
List-Id: OAUTH WG <oauth.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>

Hi,

I have a historical question around front channel / back channel (direct) communications and Authorization Requests.  Both the code-flow and implicit-flow utilize a front channel communication through the UA.  This makes sense for the delegated credentials case (e.g. shutterfly accessing photos on facebook).

I'm in the native app / client market, and the RO password credentials flow fits really well ... except it's limited to passwords.  I've been well educated (by lots of folks on this list) about the "best practices" to enable native clients to use the code flow, e.g. registering a custom callback URI and registering my native app as the handler for that URI.

But ... (and not knowing the history behind all this), it seems that OAuth was designed for confidential clients, and was "retro-fitted" to make native apps work.  And it just feels a bit like a hack to me (albeit a workable one), the whole custom callback URI thing, to get it to work.  The RO password credentials flow seems like a much better fit for native apps, since it has no need for the UA and can use back channel / direct communication to talk to the AS and obtain an access token.  But that limits me to a password and eliminates any chance of strong authentication.

It would seem more straightforward to define a back channel flow such that a native client could send off an authorization request with response_type=token (or id_token in the Connect case), respond to a challenge from the AS for authentication, and obtain a response containing the access_token / id_token and use it for its RESTful API communications with the RS/RP.  This would enable strong authentication methods not possible using just RO passwords.

Has anybody else ever expressed interest in such back channel calls for native clients?  Was it previously considered and dropped?

Tx!
adam
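The two back-channel exchanges the message contrasts, modelled side by side as an added example (not code from the original post, and not an OAuth specification). The password grant follows the request and response shape of RFC 6749 section 4.3; the challenge/response grant is a hypothetical sketch of what the poster proposes, with a device-held HMAC key standing in for "strong authentication", and the endpoint names, the `challenge_id` and `nonce` parameters, the constructed users, keys and client id, and the `AuthorizationServer` class are all assumptions made for illustration.

```python
"""Toy authorization server: RFC 6749 password grant beside a hypothetical
back-channel challenge/response grant for native clients (constructed example)."""
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode

# Constructed sample data: one resource owner with a password and a device-held key.
USERS = {
    "alice": {
        "password": "correct horse battery staple",
        "device_key": bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c2b7e151628aed2a6abf7158809cf4f3c"),
    }
}
CLIENT_ID = "native-app-1"  # public client: no client secret, no browser redirect


class AuthorizationServer:
    def __init__(self):
        self.pending = {}  # challenge_id -> (username, nonce, expiry, response_type)
        self.tokens = {}   # access_token -> claims

    def _issue(self, username, scope):
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"sub": username, "scope": scope, "exp": time.time() + 3600}
        return {"access_token": token, "token_type": "Bearer", "expires_in": 3600, "scope": scope}

    # --- Real shape: resource owner password credentials grant (RFC 6749 s.4.3) ---
    def token_endpoint(self, body):
        """POST /token with application/x-www-form-urlencoded body."""
        p = {k: v[0] for k, v in parse_qs(body).items()}
        if p.get("grant_type") != "password":
            return {"error": "unsupported_grant_type"}
        user = USERS.get(p.get("username", ""))
        # Constant-time compare; the password is the only proof of the owner's identity.
        if user is None or not hmac.compare_digest(user["password"], p.get("password", "")):
            return {"error": "invalid_grant"}
        return self._issue(p["username"], p.get("scope", ""))

    # --- Hypothetical: back-channel authorization request plus AS challenge ---
    def authorize_start(self, client_id, username, response_type="token"):
        """Step 1 (assumed endpoint): client asks for a token; AS answers with a fresh nonce."""
        if client_id != CLIENT_ID or username not in USERS:
            return {"error": "invalid_request"}
        nonce = secrets.token_bytes(32)
        challenge_id = secrets.token_urlsafe(16)
        self.pending[challenge_id] = (username, nonce, time.time() + 60, response_type)
        return {"challenge_id": challenge_id, "nonce": nonce.hex()}

    def authorize_finish(self, challenge_id, proof_hex):
        """Step 2 (assumed endpoint): client proves possession of the device key over the nonce."""
        entry = self.pending.pop(challenge_id, None)  # single use: replay is rejected
        if entry is None:
            return {"error": "invalid_request"}
        username, nonce, expiry, response_type = entry
        if time.time() > expiry:
            return {"error": "invalid_grant"}
        expected = hmac.new(USERS[username]["device_key"], nonce, hashlib.sha256).digest()
        try:
            proof = bytes.fromhex(proof_hex)
        except ValueError:
            return {"error": "invalid_grant"}
        if not hmac.compare_digest(expected, proof):
            return {"error": "invalid_grant"}
        return self._issue(username, "photos")


def client_password_grant(auth_server, username, password):
    """Native client using the password grant: one direct call, password on the wire."""
    body = urlencode({"grant_type": "password", "username": username,
                      "password": password, "scope": "photos"})
    return auth_server.token_endpoint(body)


def client_challenge_grant(auth_server, username, device_key):
    """Native client using the sketched back-channel flow: no UA, no password, key never leaves the device."""
    challenge = auth_server.authorize_start(CLIENT_ID, username, response_type="token")
    if "error" in challenge:
        return challenge
    proof = hmac.new(device_key, bytes.fromhex(challenge["nonce"]), hashlib.sha256).hexdigest()
    return auth_server.authorize_finish(challenge["challenge_id"], proof)


if __name__ == "__main__":
    srv = AuthorizationServer()
    print(client_password_grant(srv, "alice", "correct horse battery staple"))
    print(client_challenge_grant(srv, "alice", USERS["alice"]["device_key"]))
```

The point the comparison makes is the one in the message: both exchanges are pure back channel with no user agent, but the password grant can only ever prove a password, while the challenge step lets the AS bind the token to whatever the device can prove (here an HMAC key, in practice a signature or a hardware-backed credential). The nonce is single use and short lived so a captured proof cannot be replayed.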