[OAUTH-WG] third party applications
Dima Postnikov <dima@postnikov.net> Fri, 28 August 2020 03:26 UTC
Return-Path: <dima.postnikov@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1051B3A1511 for <oauth@ietfa.amsl.com>; Thu, 27 Aug 2020 20:26:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.399
X-Spam-Level:
X-Spam-Status: No, score=-1.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=postnikov-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RB4WZEjU8iqD for <oauth@ietfa.amsl.com>; Thu, 27 Aug 2020 20:26:54 -0700 (PDT)
Received: from mail-pj1-x1034.google.com (mail-pj1-x1034.google.com [IPv6:2607:f8b0:4864:20::1034]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE0F73A150F for <oauth@ietf.org>; Thu, 27 Aug 2020 20:26:54 -0700 (PDT)
Received: by mail-pj1-x1034.google.com with SMTP id 2so3672768pjx.5 for <oauth@ietf.org>; Thu, 27 Aug 2020 20:26:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=postnikov-net.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=LyAnSv0etM8nkWSutkBFiUqGsGBO2NVOSabN4ocqaps=; b=I1it2UFUEKMtMmqgLIGqFWlJD+Iz+X1I2ZGdPKjvS1y6L2buCVWxI9xnSfJhn15RHR 9rbxjkvPmiC0hQvsHsHbO8aLQenGjMgBtb5KyJ6wmz+EiTqrF3CXfTO7VQwuVB4tWWf3 mK3T3J+DpzB7kAW9CFLKJohnOAuSgN8Tz/qD+KUS0VHUuDNu4V4K+w9hy2Ld7uHABw0x OX3U/PaSAPoL4w9dLIe6C1g7dWdO/afab8NVDM5tgryzDkoVHTeFcbYrCx9KafNPx2Aw ZaSUbBKG9YbhOzx95g5qfMoLxAcz8YeNigtu8ujQDB5QmZG2PL2J/56VzG6H0niY6/YQ W3hQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=LyAnSv0etM8nkWSutkBFiUqGsGBO2NVOSabN4ocqaps=; b=kCi4L1WGBx2rZsYlmgSfd0HyZYsj9R1Jq77Ajg/zlPCBc5XeSnGXpX6iaRbhqqzVwb qE8rhL/LFni0KT7HbO72d2IdHNyJWUEkAJ+B2zG/OwhQiHua3X0GNXnC5VGrvdB6zu9x +C6TBvRLjW7o88vd6cD0DmeRyWlTb+VvsAkFaLKa8R6Xk5ivVI/NQYbkGv3bS0/YQytl Xb8PyVttonndUZcrrpGr1OZzVkOI4V2S0cCLpAiwnAm6nPbLvIVKXXPpGxx56B3xj4y+ c4w/b5hilsn/LBPjP8IcVaAK4+CweYSTYKDEsnjTylsIe/FCURFdMxlfRRMwFAMdnAlR 5GIA==
X-Gm-Message-State: AOAM530J3kXV6f4DXDgvgwtBi6VhGiu4lqi0MmZR/1p+mBZ/cyXVLqgU vtoNjuCIKS+9ufrTBix8uxq/TjaZd3yiPd8qqjBtoU8RggYUvTTn
X-Google-Smtp-Source: ABdhPJxGw+2O6EnEuMoOQYLjIqLTUq85HxDuFsd1qclygTDXzyGn7N9qYRj4ytuEPae/ZW7qLO6TZxNd2P025zHF+Yo=
X-Received: by 2002:a17:90a:fe0e:: with SMTP id ck14mr631520pjb.218.1598585213969; Thu, 27 Aug 2020 20:26:53 -0700 (PDT)
MIME-Version: 1.0
From: Dima Postnikov <dima@postnikov.net>
Date: Fri, 28 Aug 2020 13:26:41 +1000
Message-ID: <CAEMK1uY0cSOyyU2t0N9RTOzmMeEpfMsb7K9WfQD=fQdCde9jTQ@mail.gmail.com>
To: oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000d2681905ade79f78"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/Ltm9TJ2mtfNAnHYhdV0-q5mEjdc>
Subject: [OAUTH-WG] third party applications
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Aug 2020 04:05:27 -0000
Hi, Can "third-party" term be removed from the specification? The standard and associated best practices apply to other applications that act on behalf of a resource owner, too (internal, "first-party" and etc). Regards, Dima The OAuth 2.1 authorization framework enables a *third-party* application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. This specification replaces and obsoletes the OAuth 2.0 Authorization Framework described in RFC 6749 <https://tools.ietf.org/html/rfc6749>.
- [OAUTH-WG] third party applications Dima Postnikov
- Re: [OAUTH-WG] third party applications Torsten Lodderstedt
- Re: [OAUTH-WG] third party applications Dick Hardt
- Re: [OAUTH-WG] third party applications Torsten Lodderstedt
- Re: [OAUTH-WG] third party applications Dick Hardt
- Re: [OAUTH-WG] third party applications Torsten Lodderstedt
- Re: [OAUTH-WG] third party applications Jim Manico
- Re: [OAUTH-WG] third party applications Jeff Craig
- Re: [OAUTH-WG] third party applications Aaron Parecki
- Re: [OAUTH-WG] third party applications Dima Postnikov
- Re: [OAUTH-WG] third party applications Denis
- Re: [OAUTH-WG] third party applications Dima Postnikov
- Re: [OAUTH-WG] third party applications William Denniss
- Re: [OAUTH-WG] third party applications Torsten Lodderstedt
- Re: [OAUTH-WG] third party applications Jeff Craig
- Re: [OAUTH-WG] third party applications Dima Postnikov