Re: [OAUTH-WG] Dynamic client registration and the audience (resource) indicators

Justin Richer <jricher@mit.edu> Mon, 28 November 2016 18:47 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/JzLZjTA3gIWS1e4uYEOuULXv0k0>

I would consider that a totally reasonable extension. You will need to define what the behavior is if the client doesn’t provide a value for that field: is there a default? Are there no resources available to the client?

 — Justin

> On Nov 28, 2016, at 12:21 PM, Sergey Beryozkin <sberyozkin@gmail.com> wrote:
> 
> Hi All
> 
> Our AS allows for the manual client registration with the UI offering an option to assign the audience/resource URIs to a given Client registration with all the associated future access tokens inheriting them.
> 
> The client will not have to follow the resource indicator registration as recommended at [1] - the administrator who registers the clients sets the audiences.
> 
> We'd like to achieve the same with the dynamic client registration but my colleague noted the client metadata in the dynamic registration request has no 'audience' property.
> 
> We will consider supporting either an 'audience' or 'resource' property - does it sound reasonable?
> 
> By the way, as far as [1] is concerned, should a 'resource' property support an array of audiences? (To support a case where a client needed to talk to several RSs to complete a given action)
> 
> Thanks, Sergey
> 
> [1] https://tools.ietf.org/html/draft-campbell-oauth-resource-indicators-02
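
Added example, not part of the original messages and not code from either author's AS: one way a server could handle a `resource` property in an RFC 7591 registration request, with the absent-field behaviour raised in the reply made an explicit policy. The property name and its string-or-array shape follow the proposal in the thread; the https-only, no-fragment URI rule, the function names and the sample request are assumptions.

```python
from urllib.parse import urlsplit

class RegistrationError(Exception):
    """Maps to an RFC 7591 error response; .code is the "error" value."""
    def __init__(self, description):
        super().__init__(description)
        self.code = "invalid_client_metadata"

def _check_uri(value):
    # Assumed rule: absolute https URI with a host and no fragment.
    if not isinstance(value, str):
        raise RegistrationError("resource entries must be strings")
    parts = urlsplit(value)
    if parts.scheme != "https" or not parts.netloc or parts.fragment:
        raise RegistrationError("bad resource URI: %r" % value)
    return value

def registered_resources(metadata, absent_policy="none", defaults=()):
    """Return the audiences to store with the client registration.

    absent_policy settles the case where the client sends no value:
      "none"    -> the client gets no resources (fail closed)
      "default" -> the client gets the server-configured defaults
    """
    if "resource" not in metadata:
        if absent_policy == "default":
            return sorted({_check_uri(u) for u in defaults})
        return []
    raw = metadata["resource"]
    values = [raw] if isinstance(raw, str) else raw  # accept one URI or an array
    if not isinstance(values, list) or not values:
        raise RegistrationError("resource must be a URI or a non-empty array")
    return sorted({_check_uri(u) for u in values})

def token_audience(registered, requested=None):
    """Tokens inherit the registered audiences; a request may only narrow them."""
    if requested is None:
        return list(registered)
    extra = set(requested) - set(registered)
    if extra:
        raise PermissionError("not registered for: %s" % sorted(extra))
    return sorted(requested)

# Constructed sample request body: RFC 7591 fields plus the proposed extension.
SAMPLE = {"client_name": "example", "redirect_uris": ["https://client.example/cb"],
          "resource": ["https://rs1.example/api", "https://rs2.example/api"]}
```
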