Re: [OAUTH-WG] [WRAP] WRAP in GSMA OneAPI

[David Recordon <recordond@gmail.com>]

+OAuth IETF list
-WRAP list to BCC

Hi Kevin,
OAuth 2.0 should be pretty simple for you to implement and any feedback your
team has would be really appreciated! There are already implementations in
Cocoa, Python, and Ruby list on the wiki at
http://wiki.oauth.net/OAuth-2.0and you find find the spec at
http://tools.ietf.org/html/draft-hammer-oauth2-00.

You may also be interested in the mobile web implementation we've built at
Facebook. http://developers.facebook.com/docs/guides/mobile/

I'm also cc'ing Blaine Cook who lives in Ireland and might be able to
present.

Cheers,
--David


On Tue, May 4, 2010 at 4:20 AM, Kevin Smith, Vodafone <
mrkrcsmith@googlemail.com> wrote:

> Dear OAUTH WRAP group,
>
> My name is Kevin Smith of Vodafone R&D, and I lead a cross-mobile
> operator project called OneAPI ('Open Network Enablers') [1]. The aim
> is to provide a RESTful API to expose network functions such as
> location, messaging, payments and more to developers; with the
> reckoning that this will make it far easier to mash-up Web
> applications with network capabilities and reduce the time to reach
> all mobile subscribers in a territory. Thus far we have a live pilot
> implementation across the 3 major Canadian operators [2] and a non-
> commercial test site connected to
> 12 European operators [3], and will be releasing v1.0 specifications
> backed by the OMA this month.
>
> For the first release we did not attempt to prescribe an AAA model to
> operators, instead leaving them to reuse their own SDP AAA
> implementation for OneAPI. For our second phase now underway we would
> like to provide a recommended reference implementation AAA model for
> operators who are unsure how to allow secure API access whilst
> allowing user consent and privacy to be respected. Therefore we have
> discussed OAUTH as an ideal candidate that will be well-known to Web
> developers.
>
> My question regards the suitability of WRAP for such a reference
> implementation: the decoupling of authentication is good sense and
> would be welcome by operators, however it appears that WRAP is
> deprecated and is intended to be replaced by OAUTH 2.0 - is that
> right?  Please could you provide any details on the plans for if/how
> the two will interoperate? If it's at all possible, we would very much
> welcome a member of the group to present on WRAP at one of our face-to-
> face meetings in London - if that is of interest please let me know
> and I can make arrangements.
>
> Thanks for your time and look forward to your advice.
>
> Kind regards,
> Kevin
>
> [1] http://www.gsmworld.com/oneapi
> [2] http://canada.oneapi.gsmworld.com/
> [3] http://oneapi.aepona.com/
>
> Kevin Smith
> Senior Technology Strategist, R&D
> Vodafone Technology
>
> E-mail: kevin.smith@vodafone.com
>
> --
> You received this message because you are subscribed to the Google Groups
> "OAuth WRAP WG" group.
> To post to this group, send email to oauth-wrap-wg@googlegroups.com.
> To unsubscribe from this group, send email to
> oauth-wrap-wg+unsubscribe@googlegroups.com<oauth-wrap-wg%2Bunsubscribe@googlegroups.com>
> .
> For more options, visit this group at
> http://groups.google.com/group/oauth-wrap-wg?hl=en.
>
>