IETF Logo Mail Archive

Re: [OAUTH-WG] Fwd: New Version Notification for draft-campbell-oauth-resource-indicators-01.txt

"torsten@lodderstedt.net" <torsten@lodderstedt.net> Tue, 05 April 2016 15:42 UTC

Return-Path: <torsten@lodderstedt.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 71FB912D6C8 for <oauth@ietfa.amsl.com>; Tue, 5 Apr 2016 08:42:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.621
X-Spam-Level:
X-Spam-Status: No, score=-2.621 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u4Gwa3Z1mWmf for <oauth@ietfa.amsl.com>; Tue, 5 Apr 2016 08:42:15 -0700 (PDT)
Received: from smtprelay06.ispgateway.de (smtprelay06.ispgateway.de [80.67.31.102]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3DE2412D67C for <oauth@ietf.org>; Tue, 5 Apr 2016 08:42:00 -0700 (PDT)
Received: from [80.187.80.144] (helo=[10.133.89.241]) by smtprelay06.ispgateway.de with esmtpsa (TLSv1.2:DHE-RSA-AES128-GCM-SHA256:128) (Exim 4.84) (envelope-from <torsten@lodderstedt.net>) id 1anT76-00059V-QK; Tue, 05 Apr 2016 17:41:57 +0200
Date: Tue, 05 Apr 2016 12:41:51 -0300
Message-ID: <ttie4nq0eyyhyf2dhgseauug.1459870911686@com.syntomo.email>
In-Reply-To: <CA+k3eCSzUcrfhwuBUL1Zh0tb69x1FGw1o919TNptSg=LfYVYZw@mail.gmail.com>
References: <20160321173103.31961.76817.idtracker@ietfa.amsl.com> <CAAX2Qa2kovVmCoByJc0HsE9a3ZS6Lm+9F2bzgynBoahttcv8Zw@mail.gmail.com> <CA+k3eCSOMkm+1_0+77+RONTVMbS=y9KpPWaO4jAEU0CfiiGF-Q@mail.gmail.com> <7CDE7D76-4E6C-4060-A0AB-C7D0FE8C9246@lodderstedt.net> <CA+k3eCSzUcrfhwuBUL1Zh0tb69x1FGw1o919TNptSg=LfYVYZw@mail.gmail.com>
From: "torsten@lodderstedt.net" <torsten@lodderstedt.net>
To: bcampbell@pingidentity.com
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="--_com.syntomo.email_1639641050344420"
X-Df-Sender: dG9yc3RlbkBsb2RkZXJzdGVkdC5uZXQ=
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/I8TmbTtjYK3BbN3i0ovnH-XXLxc>
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Fwd: New Version Notification for draft-campbell-oauth-resource-indicators-01.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Apr 2016 15:42:18 -0000

Hi Brian,

I assume resource server ids or URIs to be a names namespace for scope values or that scope values are be bound to certain resource servers. It seems you have less coupling in mind?

Best regards,
Torsten.

Sent by MailWise – See your emails as clean, short chats.

-------- Originalnachricht --------
Betreff: Re: [OAUTH-WG] Fwd: New Version Notification for draft-campbell-oauth-resource-indicators-01.txt
Von: Brian Campbell <bcampbell@pingidentity.com>
An: Torsten Lodderstedt <torsten@lodderstedt.net>
Cc: oauth <oauth@ietf.org>

>Sorry for the slow response, Torsten, I was on vacation last week with my
>family.
>
>The omission of scope values in the example requests wasn't really
>intentional so much as just an initial desire to have a minimal amount of
>stuff in the examples. Adding a scope parameter to the example
>authorization request (Figure 1) would probably be a good thing to do. I'll
>make a note to do so.
>
>As far as the relationship between scope and resource. Scope is *what*
>access is being requested/granted. And resource is about *where* a
>particular access token will be used. I envision resource as allowing for
>scope to
>
>Note that, as currently written anyway, resource is unlike scope in that
>it's not something that the end-user approves or denies access to and it's
>not something that is persisted with the grant. It only informs the access
>token being requested at the time. So it'd be used at the token endpoint
>when getting an access token. And only at the authorization endpoint when
>an access token will come back directly in the authorization response
>(implicit flows).
>
>Currently, yes, multiple resources are allowed by the draft to indicate
>multiple RSs.  Though there's a note in there questioning it because it
>complicates things in some situations where different token content or
>encryption is needed for different RSs that are asked for in the same
>request.
>
>
>
>On Sat, Apr 2, 2016 at 8:04 AM, Torsten Lodderstedt <torsten@lodderstedt.net
>> wrote:
>
>> Hi Brian,
>>
>> did you intentionally omit scope values in your example requests? I would
>> like to know what you envision to be the relationshop between scope and
>> resource.
>>
>> As you draft says, we today use scope values to indicate to the AS, which
>> ressource servers the clients wants to access. I think we nearly
>> exclusively use it for that purpose and only seldomly to request certain
>> access rights. One of the advantages is, we can request access to multiple
>> resource servers simple by putting multiple scope values into the scope
>> parameter. Will this be possible with the extension you are proposing?
>>
>> Best regards,
>> Torsten.
>>
>> Am 21.03.2016 um 18:41 schrieb Brian Campbell <bcampbell@pingidentity.com
>> >:
>>
>> Very minor update to this draft before the deadline that moves Hannes from
>> Acknowledgements to Authors in acknowledgment of his similar work a few
>> years ago. Also fleshed out the IANA section with the formal registration
>> requests.
>>
>>
>> ---------- Forwarded message ----------
>> From: <internet-drafts@ietf.org>
>> Date: Mon, Mar 21, 2016 at 11:31 AM
>> Subject: New Version Notification for
>> draft-campbell-oauth-resource-indicators-01.txt
>> To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, Hannes Tschofenig <
>> Hannes.Tschofenig@gmx.net>, Brian Campbell <brian.d.campbell@gmail.com>,
>> John Bradley <ve7jtb@ve7jtb.com>
>>
>>
>>
>> A new version of I-D, draft-campbell-oauth-resource-indicators-01.txt
>> has been successfully submitted by Brian Campbell and posted to the
>> IETF repository.
>>
>> Name:           draft-campbell-oauth-resource-indicators
>> Revision:       01
>> Title:          Resource Indicators for OAuth 2.0
>> Document date:  2016-03-21
>> Group:          Individual Submission
>> Pages:          8
>> URL:
>> https://www.ietf.org/internet-drafts/draft-campbell-oauth-resource-indicators-01.txt
>> Status:
>> https://datatracker.ietf.org/doc/draft-campbell-oauth-resource-indicators/
>> Htmlized:
>> https://tools.ietf.org/html/draft-campbell-oauth-resource-indicators-01
>> Diff:
>> https://www.ietf.org/rfcdiff?url2=draft-campbell-oauth-resource-indicators-01
>>
>> Abstract:
>>    This straw-man specification defines an extension to The OAuth 2.0
>>    Authorization Framework that enables the client and authorization
>>    server to more explicitly to communicate about the protected
>>    resource(s) to be accessed.
>>
>>
>>
>>
>> Please note that it may take a couple of minutes from the time of
>> submission
>> until the htmlized version and diff are available at tools.ietf.org.
>>
>> The IETF Secretariat
>>
>>
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
>>

v2.23.0 | Report a Bug | By Email