Re: [OAUTH-WG] Client cannot specify the token type it needs

Prabath Siriwardena <prabath@wso2.com> Mon, 21 January 2013 07:28 UTC

Return-Path: <prabath@wso2.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23AF521F8783 for <oauth@ietfa.amsl.com>; Sun, 20 Jan 2013 23:28:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.452
X-Spam-Level:
X-Spam-Status: No, score=-0.452 tagged_above=-999 required=5 tests=[AWL=0.075, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, MIME_CHARSET_FARAWAY=2.45, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fc16PwW8VSOl for <oauth@ietfa.amsl.com>; Sun, 20 Jan 2013 23:28:01 -0800 (PST)
Received: from mail-ea0-f171.google.com (mail-ea0-f171.google.com [209.85.215.171]) by ietfa.amsl.com (Postfix) with ESMTP id 3E21F21F8775 for <oauth@ietf.org>; Sun, 20 Jan 2013 23:27:58 -0800 (PST)
Received: by mail-ea0-f171.google.com with SMTP id c13so1711150eaa.16 for <oauth@ietf.org>; Sun, 20 Jan 2013 23:27:57 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type:x-gm-message-state; bh=yAkMNpAzRAW1RjFS557VIiAjjePXHWsbOC77Sj7Fi7s=; b=YjYlRtGHfxeHp1eyxNcWecnuANL+UH+imBa2defXqxxsMIYVgh7+r9WSlk8ry9NCmE rKvgvV/GyBxqldMkhL6RgPog+aGYBVBDDKvmRRsHYVzcJjIfvkri5wEYfFBw9Okin0Af /8dwayH8LPfdGW6wTGddN8zYx5BY2eLrXcuMjECDSCjhPAHfOVV7VTbEdUjTaq2jIn63 iL1F5nypdiSynsY+2rcJIgpzM35sVizyXFiFOV0DSbynOyOuAeiApJx3hcNfyaTPYkvz 0d2Qj/57GUKXtO5+ehLWNIw5XmB5LuSfaPvL9tc131wr9qtHa+XEyx78vDH4oX10JEkN 630g==
MIME-Version: 1.0
X-Received: by 10.14.3.195 with SMTP id 43mr57228786eeh.36.1358753277161; Sun, 20 Jan 2013 23:27:57 -0800 (PST)
Received: by 10.223.194.4 with HTTP; Sun, 20 Jan 2013 23:27:57 -0800 (PST)
In-Reply-To: <OFF3C7A7AE.CD29B473-ON48257AFA.00278DE4-48257AFA.0027BC35@zte.com.cn>
References: <1358747085.35324.YahooMailNeo@web31809.mail.mud.yahoo.com> <OFF3C7A7AE.CD29B473-ON48257AFA.00278DE4-48257AFA.0027BC35@zte.com.cn>
Date: Mon, 21 Jan 2013 12:57:57 +0530
Message-ID: <CAJV9qO_b7WsgDSEG7N52TjOGKMPSRy8+xFWDwux9e_S5sUQj3A@mail.gmail.com>
From: Prabath Siriwardena <prabath@wso2.com>
To: zhou.sujing@zte.com.cn
Content-Type: multipart/alternative; boundary=047d7b66f2396c31b204d3c76688
X-Gm-Message-State: ALoCoQmAPTX/5toqGKnGD7+MABygxLPPpTTbTVMtDFFEIl/J84fi8BKycy7cew75M9yo/tc70RrB
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Client cannot specify the token type it needs
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Jan 2013 07:28:02 -0000

I guess that is a pattern used many scenarios. Requesting client can
suggest - but its up to the AS to honor it or not...

Thanks & regards,
-prabath

On Mon, Jan 21, 2013 at 12:43 PM, <zhou.sujing@zte.com.cn> wrote:

>
> William Mills <wmills_92105@yahoo.com> 写于 2013-01-21 13:44:45:
>
>
> > Not a problem for the client to request a type, but it may not get it.
>
> I don't object client requesting a type, but I think it is meaningful only
> when the requested type is specified by a RS,
> and client just relay that request to AS.
>
> >
> > From: "zhou.sujing@zte.com.cn" <zhou.sujing@zte.com.cn>
> > To: Prabath Siriwardena <prabath@wso2.com>
> > Cc: "oauth@ietf.org WG" <oauth@ietf.org>; William Mills
> > <wmills_92105@yahoo.com>
> > Sent: Sunday, January 20, 2013 9:38 PM
> > Subject: Re: Re: Re: [OAUTH-WG] Client cannot specify the token type it
> needs
> >
> >
> > Well, if RS could specify token type, then Client could transfer it to
> AS,
> > I think, but it is not a good idea for client itself to specify the
> > token type.
> >
> >
> > Prabath Siriwardena <prabath@wso2.com> 写于 2013-01-21 13:29:05:
> >
> > > Think about a distributed setup. You have single Authorization
> > > Server and multiple Resource Servers.
> > >
> > > Although OAuth nicely decouples AS from RS - AFAIK there is no
> > > standard established for communication betweens AS and RS - how to
> > > declare metadata between those.
> > >
> > > Also there can be Resource Servers which support multiple token
> > > types. It could vary on APIs hosted in a given RS.
> > >
> > > Thanks & regards,
> > > -Prabath
> > >
> > > On Mon, Jan 21, 2013 at 10:48 AM, <zhou.sujing@zte.com.cn> wrote:
> > >
> > > The token type shoulbe decided by resource server, which consumes
> > > access token.
> > > Client just re-tell the requested token type to AS.
> > > Client should not specify the token type.
> > >
> > >
> > > oauth-bounces@ietf.org 写于 2013-01-21 13:08:39:
> > >
> > >
> > > > This is true.  It's possible for the AS to vary it's behavior on
> > > > scope name, but it's presumed the AS and RS have an agreement of
> > > > what token type is in play.  Likely a good extension to the spec.
> > >
> > > >
> > > > From: Prabath Siriwardena <prabath@wso2.com>
> > > > To: "oauth@ietf.org WG" <oauth@ietf.org>
> > > > Sent: Sunday, January 20, 2013 7:28 PM
> > > > Subject: [OAUTH-WG] Client cannot specify the token type it needs
> > >
> > > >
> > > > Although token type is extensible according to the OAuth core
> > > > specification - it is fully governed by the Authorization Server.
> > > >
> > > > There can be a case where a single AS supports multiple token types
> > > > based on client request.
> > > >
> > > > But currently we don't have a way the client can specify (or at
> > > > least suggest) which token type it needs in the OAuth access
> > tokenrequest ?
> > > >
> > > > Is this behavior intentional ? or am I missing something...
> > > >
> > > > Thanks & Regards,
> > > > Prabath
> > > >
> > > > Mobile : +94 71 809 6732
> > > >
> > > > http://blog.facilelogin.com
> > > > http://RampartFAQ.com
> > > >
> > > > _______________________________________________
> > > > OAuth mailing list
> > > > OAuth@ietf.org
> > > > https://www.ietf.org/mailman/listinfo/oauth
> > > >
> > > > _______________________________________________
> > > > OAuth mailing list
> > > > OAuth@ietf.org
> > > > https://www.ietf.org/mailman/listinfo/oauth
> > >
> >
> > >
> > > --
> > > Thanks & Regards,
> > > Prabath
> > >
> > > Mobile : +94 71 809 6732
> > >
> > > http://blog.facilelogin.com
> > > http://RampartFAQ.com
> >
>



-- 
Thanks & Regards,
Prabath

Mobile : +94 71 809 6732

http://blog.facilelogin.com
http://RampartFAQ.com