Re: [OAUTH-WG] Incorporate or Reference RFC8628 Device Authorization Grant?

Mike Jones <Michael.Jones@microsoft.com> Tue, 12 May 2020 21:54 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Aaron Parecki <aaron@parecki.com>, Phillip Hunt <phil.hunt@independentid.com>
CC: OAuth WG <oauth@ietf.org>
Date: Tue, 12 May 2020 21:54:07 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/v2zVMkfs0AzgqAqOeCAwsb8pk8I>

Works for me

From: OAuth <oauth-bounces@ietf.org> On Behalf Of Aaron Parecki
Sent: Tuesday, May 12, 2020 2:44 PM
To: Phillip Hunt <phil.hunt@independentid.com>
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Incorporate or Reference RFC8628 Device Authorization Grant?

I have a draft I'm about to publish after our recent discussions. One of the changes is adding an appendix that lists out a bunch of existing OAuth extensions, and the device grant is in there. I also replaced the "Extension Grants" example in section 4.3 (https://tools.ietf.org/html/draft-parecki-oauth-v2-1-02#section-4.3) with the device grant since that is deployed far wider than the SAML Assertion grant that was in that example in RFC6749. This will be published as version -03 in the next few days. Do you think that would be enough?

Aaron Parecki


On Tue, May 12, 2020 at 2:39 PM Phillip Hunt <phil.hunt@independentid.com<mailto:phil.hunt@independentid.com>> wrote:
One of the use cases brought up in the ROPC thread mentioned that redirect was hard to do in some cases (like IoT). This reminded me of RFC8628, the OAuth Device Authorization Grant. I mention it because *some* of those who say redirection is hard may be able to use the Device Authz Grant.

Would it be worth including a section in OAuth 2.1 referencing RFC8628 or, possibly incorporating it?

Phil Hunt
@independentid
phil.hunt@independentid.com<mailto:phil.hunt@independentid.com>
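Phil's point above is that the device grant replaces the browser redirect with a short code the user types on a second device. As an added illustration that is not part of the thread or of any real authorization server's code, this toy model of the RFC 8628 exchange (server side only; the verification URI, client id and polling interval are constructed values) shows the device-code request, the user's approval, and the polling responses the device must handle.

```python
# Toy RFC 8628 device grant model (constructed; not code from this thread or any real AS).
import secrets
import time

GRANT = "urn:ietf:params:oauth:grant-type:device_code"  # RFC 8628 section 3.4

class DeviceAuthServer:
    def __init__(self, interval=5, lifetime=600, clock=time.monotonic):
        # `clock` is injectable so interval/expiry rules can be tested offline.
        self.interval, self.lifetime, self.clock = interval, lifetime, clock
        self.pending = {}  # device_code -> per-request state
    def device_authorization(self, client_id, scope=""):
        # 3.2: device_code is a high-entropy secret; user_code is typeable.
        device_code = secrets.token_urlsafe(32)
        user_code = "-".join(secrets.token_hex(2).upper() for _ in range(2))
        self.pending[device_code] = {
            "client_id": client_id, "scope": scope, "user_code": user_code,
            "decision": None, "expires": self.clock() + self.lifetime,
            "last_poll": None, "interval": self.interval}
        return {"device_code": device_code, "user_code": user_code,
                "verification_uri": "https://as.example/device",  # placeholder
                "expires_in": self.lifetime, "interval": self.interval}
    def user_decision(self, user_code, approve):
        # 3.3: the user enters the code on a browser-capable device.
        for st in self.pending.values():
            if st["user_code"] == user_code and st["decision"] is None:
                st["decision"] = "approved" if approve else "denied"
                return True
        return False  # unknown or already-decided code
    def token(self, grant_type, device_code, client_id):
        # 3.4/3.5: the device polls the token endpoint until a final answer.
        st = self.pending.get(device_code)
        if grant_type != GRANT or st is None or st["client_id"] != client_id:
            return {"error": "invalid_grant"}
        now = self.clock()
        if now > st["expires"]:
            del self.pending[device_code]
            return {"error": "expired_token"}
        if st["last_poll"] is not None and now - st["last_poll"] < st["interval"]:
            st["interval"] += 5  # 3.5: polled too fast; client must add 5 s
            return {"error": "slow_down", "interval": st["interval"]}
        st["last_poll"] = now
        if st["decision"] is None:
            return {"error": "authorization_pending"}
        del self.pending[device_code]  # device_code is single-use either way
        if st["decision"] == "denied":
            return {"error": "access_denied"}
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
                "expires_in": 3600, "scope": st["scope"]}
```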


