Re: [OAUTH-WG] Scope parameter values for "authorization_code" and "client_credentials" based access tokens

Bill Mills <wmills_92105@yahoo.com> Sun, 16 February 2014 04:30 UTC

References: <002301cf2ac2$f0053990$d00facb0$@reminetworks.com>
Message-ID: <1392525020.7390.YahooMailNeo@web142801.mail.bf1.yahoo.com>
Date: Sat, 15 Feb 2014 20:30:20 -0800
From: Bill Mills <wmills_92105@yahoo.com>
To: Donald Coffin <donald.coffin@reminetworks.com>, "oauth@ietf.org" <oauth@ietf.org>
In-Reply-To: <002301cf2ac2$f0053990$d00facb0$@reminetworks.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/FYrM_UdMFQBaKtYGghoJvWScISg
Cc: greenbutton-dev <greenbutton-dev@googlegroups.com>
Subject: Re: [OAUTH-WG] Scope parameter values for "authorization_code" and "client_credentials" based access tokens

The tokens themselves don't differ based on how they are obtained unless you want them to.  No requirement to match scope to the client ID either, but again it's up to you.

You do want to get this right.  The challenge here is that your resource servers have to get updated to support new scopes.  If they support auto-updates then it's not quite as big a deal but it's still non-trivial.

-bill
On Saturday, February 15, 2014 7:01 PM, Donald Coffin <donald.coffin@reminetworks.com> wrote:
 
I would like to get the views and comments of the OAuth 2.0 IETF WG on the following design and implementation question:
 
I have an application that supports both “authorization_code” and “client_credentials” based access tokens.  The application allows a client to obtain data on a nightly basis for resource owners who have granted the application access to their data.  The client application retrieves energy usage information and can potentially need to retrieve data from a few accounts to several million accounts.  In order to eliminate the need for the client application to request the data from the resource server one account at a time, the client application has been designed to support “client_credentials” based access tokens.  Per [RFC 6749 Section 4.4 – “Client Credentials Grant”], the use of the “client_credentials” based access token will allow the client application to obtain access to the data with a single request, thus significantly reducing the amount of network traffic for both the client and the resource server.
 
The question the design team is struggling with is what should the Scope string be for the “client_credentials” based access token and should there be a single access token or can there be multiple “client_credentials” based access tokens?
 
The client application currently supports the following Scope definitions:
 
- FB=4_5_15;IntervalDuration=900;BlockDuration=monthly;HistoryLength=13
- FB=4_5_16;IntervalDuration=900;BlockDuration=monthly;HistoryLength=13
 
There are several allowable values for the FB=, IntervalDuration=, BlockDuration=, and HistoryLength= values.  At the moment, there are only two defined Scope values, but as you can see, there could easily be many more potential possibilities.  
 
The question being discussed is: does the “client_credentials” access token request Scope parameter need to match either of the above two strings, or can it be something altogether different?  In the event the “client_credentials” access token request Scope parameter needs to match a defined Scope string, does that mean that there MUST be multiple “client_credentials” based access tokens?
 
Thanks in advance for helping clarify our understanding of the relationship between “authorization_code” and “client_credentials” based access tokens.
 
Best regards,
Don
Donald F. Coffin
Founder/CTO
 
REMI Networks
22751 El Prado Suite 6216
Rancho Santa Margarita, CA  92688-3836
 
Phone:      (949) 636-8571
Email:       donald.coffin@reminetworks.com
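An added example, not code from the thread or from REMI Networks: a resource server's scope check in Python for the scope strings Don quotes, illustrating Bill's two points (the check is identical whichever grant produced the token, and an RS that has not been updated for a new scope key must refuse it). It assumes the scope parameter is an RFC 6749 space-delimited list whose items carry the ';'-separated key=value pairs from Don's message; KNOWN_KEYS and the function names are mine.

```python
# Added example, not code from the thread: a resource server's scope check for
# the Green Button-style scope strings quoted in Don's message.  RFC 6749 makes
# "scope" a space-delimited list of scope tokens; here each token is a
# ';'-separated list of key=value pairs.  KNOWN_KEYS and the function names
# are my assumptions; the key names come from the thread.

# Keys this resource server has been updated to understand.  A scope using a
# key the RS does not know is refused rather than silently honoured, which is
# the rollout problem Bill points at.
KNOWN_KEYS = {"FB", "IntervalDuration", "BlockDuration", "HistoryLength"}

def parse_scope_token(token):
    """Parse 'FB=4_5_15;IntervalDuration=900;...' into a dict; ValueError if bad."""
    params = {}
    for part in token.split(";"):
        key, sep, value = part.partition("=")
        if not sep or not value:
            raise ValueError("malformed scope component: %r" % part)
        if key not in KNOWN_KEYS:
            raise ValueError("unknown scope key %r (RS not updated?)" % key)
        if key in params:
            raise ValueError("duplicate scope key %r" % key)
        params[key] = value
    return params

def parse_scope(scope):
    """Split the RFC 6749 scope value on spaces and parse every scope token."""
    return [parse_scope_token(tok) for tok in scope.split()]

def scope_is_valid(scope):
    """True if the whole scope value parses with only keys this RS knows."""
    try:
        parse_scope(scope)
        return True
    except ValueError:
        return False

def scope_covers(granted_scope, required):
    """True if some granted scope token carries every key=value the request needs.
    The check is the same whether the token came from an authorization_code or a
    client_credentials grant, as Bill notes; unknown keys raise, so the RS fails
    closed rather than guessing."""
    for token in parse_scope(granted_scope):
        if all(token.get(k) == v for k, v in required.items()):
            return True
    return False
```

A token issued to a bulk client can carry both of Don's scope strings in one space-separated scope value, and the same check then covers requests for either FB value.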
 
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth