Re: [OAUTH-WG] resource server id needed?

Luke Shepard <lshepard@facebook.com> Thu, 15 July 2010 05:59 UTC

From: Luke Shepard <lshepard@facebook.com>
To: Ivan Pulleyn <ivan.pulleyn@gmail.com>
Date: Thu, 15 Jul 2010 05:59:12 +0000
Message-ID: <032F9645-1006-440B-B684-A3932F213C68@facebook.com>
References: <4C3E389D.5080300@lodderstedt.net> <AANLkTilbBWMoMj5DIJ7IMYzlBGgZHni7xCYHyAzz_XK4@mail.gmail.com> <95C3FB14-F5C4-4ECB-91EF-9ED988C367DE@hueniverse.com> <6345F9F9-2EDD-4199-9C90-339CB1757B0A@lodderstedt.net> <AANLkTinipZXpkw-FeksCQxJYS4NFetu0KFHCSRJ5mmoa@mail.gmail.com>
In-Reply-To: <AANLkTinipZXpkw-FeksCQxJYS4NFetu0KFHCSRJ5mmoa@mail.gmail.com>
Cc: "OAuth WG (oauth@ietf.org)" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] resource server id needed?

Yeah ... seems like OAuth is definitely suited for different resource services - as written, scope takes care of that. For instance Facebook offers messages, photos, and a bunch of other services, across two different APIs (the Graph and REST) and we distinguish permissions using scope.

As others have asked, why can't you just have a bunch of different scopes like read_mail, read_webstorage, read_phone, etc?


On Jul 14, 2010, at 10:54 PM, Ivan Pulleyn wrote:



On Wed, Jul 14, 2010 at 10:49 PM, Torsten Lodderstedt <torsten@lodderstedt.net> wrote:
Did I get you right? Your answer is: OAuth is not suited for deployments with different resource servers which rely on a single authz server?

I don't know why you categorize this as "complex". Is it so unusual to have, let's say, mail, webstorage, telephony, and payment services?

At Deutsche Telekom, we operate such a deployment (with many more different resource servers) and I had hoped to move our token service towards OAuth v2.

So would you recommend me to stick to our proprietary protocol?


I'm confused why scope isn't sufficient for your needs.

Ivan...


_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
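The model Luke and Ivan describe, one authorization server whose scope values name the resource services a client may reach, is easy to see in running code. The block below is an added illustration, not code from the thread or from the Facebook or Deutsche Telekom deployments mentioned in it: the scope names (read_mail, read_webstorage, read_phone, pay) are taken from the discussion, and the class and function names, the in-memory token store and the `introspect` lookup are hypothetical. The scope parameter is treated as a space-delimited list of strings, as the final OAuth 2.0 specification (RFC 6749, section 3.3) defines it, and the resource servers answer with the RFC 6750 bearer-token error codes.

```python
# Added example, not code from the thread or from any deployment mentioned in it.
# One authorization server issues tokens whose scope values name the resource
# services a client may reach; each resource server enforces only the scope it owns.
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessToken:
    value: str
    scopes: frozenset


class AuthorizationServer:
    """Single authz server shared by every resource server in the deployment."""

    # Catalogue of scopes this server will grant: one per resource service
    # (names taken from the discussion; hypothetical catalogue).
    KNOWN_SCOPES = frozenset({"read_mail", "read_webstorage", "read_phone", "pay"})

    def __init__(self):
        self._issued = {}  # token value -> AccessToken (in-memory store for the example)

    def issue(self, requested_scope: str) -> AccessToken:
        # scope is a space-delimited list of case-sensitive strings (RFC 6749 s3.3);
        # anything outside the catalogue is refused as invalid_scope.
        requested = frozenset(requested_scope.split())
        unknown = requested - self.KNOWN_SCOPES
        if not requested or unknown:
            raise ValueError(f"invalid_scope: {sorted(unknown) or 'empty'}")
        token = AccessToken(secrets.token_urlsafe(24), requested)
        self._issued[token.value] = token
        return token

    def introspect(self, token_value: str):
        # Resource servers look a bearer token up here rather than parsing it themselves
        # (stand-in for an introspection endpoint; hypothetical).
        return self._issued.get(token_value)


class ResourceServer:
    """A resource service (mail, webstorage, ...) that trusts the shared authz server."""

    def __init__(self, name: str, authz: AuthorizationServer, required_scope: str):
        if required_scope not in AuthorizationServer.KNOWN_SCOPES:
            raise ValueError(f"{name}: scope {required_scope!r} is not issued by the authz server")
        self.name = name
        self.authz = authz
        self.required_scope = required_scope

    def handle(self, bearer: str) -> tuple:
        # Returns (HTTP status, RFC 6750 error code or response body).
        token = self.authz.introspect(bearer)
        if token is None:
            return 401, "invalid_token"
        if self.required_scope not in token.scopes:
            return 403, "insufficient_scope"
        return 200, f"{self.name}: granted for {sorted(token.scopes)}"


def demo() -> dict:
    """Issue one token and present it to four resource servers; return status per server."""
    authz = AuthorizationServer()
    servers = [
        ResourceServer("mail", authz, "read_mail"),
        ResourceServer("webstorage", authz, "read_webstorage"),
        ResourceServer("telephony", authz, "read_phone"),
        ResourceServer("payment", authz, "pay"),
    ]
    # The client asked for two of the four services; the authz server records that in scope.
    token = authz.issue("read_mail read_webstorage")
    results = {rs.name: rs.handle(token.value)[0] for rs in servers}
    # A token the authz server never issued is rejected before any scope check.
    results["unknown_token"] = servers[0].handle("constructed-bogus-token")[0]
    return results


if __name__ == "__main__":
    print(demo())
```

Each resource server checks only the one scope it owns, so the same token is accepted by the mail and webstorage services and refused by telephony and payment with `insufficient_scope`; no separate resource-server identifier is needed for the authorization server to serve all four. In a real deployment the `introspect` lookup would be a token introspection call or validation of a self-contained token rather than a shared in-memory dictionary.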