IETF Logo Mail Archive

Re: [OAUTH-WG] Draft -12 feedback deadline

Marius Scurtescu <mscurtescu@google.com> Wed, 16 February 2011 18:58 UTC

Return-Path: <mscurtescu@google.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 072423A6D33 for <oauth@core3.amsl.com>; Wed, 16 Feb 2011 10:58:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.977
X-Spam-Level:
X-Spam-Status: No, score=-105.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aba-2RJJq5uI for <oauth@core3.amsl.com>; Wed, 16 Feb 2011 10:58:25 -0800 (PST)
Received: from smtp-out.google.com (smtp-out.google.com [74.125.121.67]) by core3.amsl.com (Postfix) with ESMTP id 0A7073A6D2A for <oauth@ietf.org>; Wed, 16 Feb 2011 10:58:23 -0800 (PST)
Received: from hpaq3.eem.corp.google.com (hpaq3.eem.corp.google.com [172.25.149.3]) by smtp-out.google.com with ESMTP id p1GIwqcb009782 for <oauth@ietf.org>; Wed, 16 Feb 2011 10:58:52 -0800
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1297882732; bh=T7WaPRqqk5l+Lnw6E/47BO5XOWY=; h=MIME-Version:In-Reply-To:References:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=pjFyeXrL/XgqdsBtBcDsJ34qv6p7eWohrMPjSWin791tpNHpHicCGC3HLf+7xeSnl XRbCWJVBGGdOq2XmDSj+Q==
Received: from yie19 (yie19.prod.google.com [10.243.66.19]) by hpaq3.eem.corp.google.com with ESMTP id p1GIwfsW021547 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for <oauth@ietf.org>; Wed, 16 Feb 2011 10:58:50 -0800
Received: by yie19 with SMTP id 19so823476yie.31 for <oauth@ietf.org>; Wed, 16 Feb 2011 10:58:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta; h=domainkey-signature:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=ScJDYE8xRett9pU0CSKGQowDZDSoXXO04i7Y3NQ/Cp0=; b=AfGAgakLpu09oPPiKrKK9X96NgIMQkWXX94YBI1EWj526orfyuLLLp1efS/Iiqz9+C f3fI2TjhyAhCVA5ovOWg==
DomainKey-Signature: a=rsa-sha1; c=nofws; d=google.com; s=beta; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; b=fTdBUY4vANEfDuNHdWa/o/KFkrVlbXVo8gHc8Cn1X5MOw+IYjsOpwCX2uGjNSSuAq8 zWZJnpbL0w7gXtVLSRJw==
Received: by 10.101.182.16 with SMTP id j16mr364456anp.232.1297882730075; Wed, 16 Feb 2011 10:58:50 -0800 (PST)
MIME-Version: 1.0
Received: by 10.100.12.3 with HTTP; Wed, 16 Feb 2011 10:58:29 -0800 (PST)
In-Reply-To: <90C41DD21FB7C64BB94121FBBC2E723445A91D3F44@P3PW5EX1MB01.EX1.SECURESERVER.NET>
References: <90C41DD21FB7C64BB94121FBBC2E723445A8D6254D@P3PW5EX1MB01.EX1.SECURESERVER.NET> <AANLkTinMjQW26mLkoN7oMdLWLGAHp0_O9LbVi13RpMJB@mail.gmail.com> <90C41DD21FB7C64BB94121FBBC2E723445A91D3EE9@P3PW5EX1MB01.EX1.SECURESERVER.NET> <AANLkTimjWkO8o+z+P=AKpyYkSjTh6oS7uM9N0JwR_vR6@mail.gmail.com> <90C41DD21FB7C64BB94121FBBC2E723445A91D3F44@P3PW5EX1MB01.EX1.SECURESERVER.NET>
From: Marius Scurtescu <mscurtescu@google.com>
Date: Wed, 16 Feb 2011 10:58:29 -0800
Message-ID: <AANLkTi=tvwsR=_EhPRkYEwC+ERwRCNN2aAWDqRDvwx8B@mail.gmail.com>
To: Eran Hammer-Lahav <eran@hueniverse.com>
Content-Type: text/plain; charset="ISO-8859-1"
X-System-Of-Record: true
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Draft -12 feedback deadline
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Feb 2011 18:58:26 -0000

On Wed, Feb 16, 2011 at 10:43 AM, Eran Hammer-Lahav <eran@hueniverse.com> wrote:
>
>
>> -----Original Message-----
>> From: Marius Scurtescu [mailto:mscurtescu@google.com]
>> Sent: Wednesday, February 16, 2011 9:05 AM
>
>> Yes, I understand. But Native Apps have no appropriate flow now, and they
>> started the whole protocol.
>
> I am not sure "they started the whole protocol" (it was more like OpenID in Twitter API), but either way, why can't they use the implicit grant type? That's where the specification is guiding them towards.

That would be the old User-Agent flow?

That's terrible for native apps, native apps need long lived credentials.

Marius

v2.23.0 | Report a Bug | By Email