Re: [OAUTH-WG] Change grant_type="none" to something less confusing
Eran Hammer-Lahav <eran@hueniverse.com> Tue, 20 July 2010 04:34 UTC
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 65A8C3A69B3 for <oauth@core3.amsl.com>; Mon, 19 Jul 2010 21:34:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.495
X-Spam-Level:
X-Spam-Status: No, score=-2.495 tagged_above=-999 required=5 tests=[AWL=0.104, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DnHTsXQgaYh5 for <oauth@core3.amsl.com>; Mon, 19 Jul 2010 21:34:13 -0700 (PDT)
Received: from p3plex1out01.prod.phx3.secureserver.net (p3plex1out01.prod.phx3.secureserver.net [72.167.180.17]) by core3.amsl.com (Postfix) with SMTP id 476AD3A68A3 for <oauth@ietf.org>; Mon, 19 Jul 2010 21:33:51 -0700 (PDT)
Received: (qmail 12687 invoked from network); 20 Jul 2010 04:33:46 -0000
Received: from unknown (HELO smtp.ex1.secureserver.net) (72.167.180.19) by p3plex1out01.prod.phx3.secureserver.net with SMTP; 20 Jul 2010 04:33:46 -0000
Received: from P3PW5EX1MB01.EX1.SECURESERVER.NET ([10.6.135.20]) by P3PW5EX1HT001.EX1.SECURESERVER.NET ([72.167.180.19]) with mapi; Mon, 19 Jul 2010 21:33:46 -0700
From: Eran Hammer-Lahav <eran@hueniverse.com>
To: "Manger, James H" <James.H.Manger@team.telstra.com>, OAuth WG <oauth@ietf.org>
Date: Mon, 19 Jul 2010 21:33:50 -0700
Thread-Topic: [OAUTH-WG] Change grant_type="none" to something less confusing
Thread-Index: AcsnicRurGipo9LwR6iF/u6jNWkW2gAFpz1wAAkQ9NA=
Message-ID: <90C41DD21FB7C64BB94121FBBC2E72343B3EEBDE73@P3PW5EX1MB01.EX1.SECURESERVER.NET>
References: <1279297826.11628.61.camel@localhost.localdomain> <AANLkTinRE0My8GRTVrBM9cwyCWgrpeYQzul3YBp_Z-8A@mail.gmail.com> <AANLkTim_GpxKx2G6FQN9TGwMYxnRv4N7pOo7Yo3g2s6c@mail.gmail.com> <AANLkTinDwGDYq4IYA9BKJakdEMnR8FbruTqR4i_zS88p@mail.gmail.com> <AANLkTinbbIJ03UPFWibPJC569ckseU33Tnyf-1BYRGj2@mail.gmail.com> <AANLkTimfdpugQSgTMUPtLy-xOMIB-dJ4E8IMzB5EwU6R@mail.gmail.com> <AANLkTintmqhY1PY51h4DcXEI0r3FQmIB92pP3vykPQrw@mail.gmail.com> <3AF1FD6F-2178-42ED-833C-D93C534DDA8A@hueniverse.com> <AANLkTindn2UOcqWz410_UnyAORe58_XpXQKcy5sMt_pF@mail.gmail.com> <AA83846D-1817-4B51-9F3E-CA9DD91862D6@facebook.com> <AANLkTinrz-KCjHpeUCnDpJhRGRCHoY_nl3fKgNgivoxi@mail.gmail.com> <81CECB0D-6AFE-4E21-9211-86648FC6EAA8@hueniverse.com> <1279559831.6181.17.camel@localhost.localdomain> <AANLkTiliwXhXDmhW2Va_VZ_LPlPj0Ryg12QzHPtH7xCP@mail.gmail.com> <255B9BB34FB7D647A506DC292726F6E11266423B3A@WSMSG3153V.srv.dir.telstra.com>
In-Reply-To: <255B9BB34FB7D647A506DC292726F6E11266423B3A@WSMSG3153V.srv.dir.telstra.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] Change grant_type="none" to something less confusing
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Jul 2010 04:34:21 -0000
I don't have anything against this approach but I suspect others might. I think a few examples would be useful to demonstrate these ideas. EHL > -----Original Message----- > From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf > Of Manger, James H > Sent: Monday, July 19, 2010 6:26 PM > To: OAuth WG > Subject: Re: [OAUTH-WG] Change grant_type="none" to something less > confusing > > grant_type=client_credential sounds ok. > An even better approach to addressing the discussions about grant_type and > assertions would be to focus on the *token response* as a standalone media > type, instead of focusing on a common token endpoint. > > I don't think requiring the same token endpoint for the different flows is > actually that helpful for anyone -- and it has caused confusion/complexity by > *coupling* a variety of quite disparate flows (with a continuing debate on > what is core vs extension). > > Any particular app is likely to only be interested in one section 4 flow > ("Obtaining an access token"). > Services are free to use a common base URI for any section 4 flows even if > that commonality isn't required by the spec. > > A common token URI might help if there was a single way to discover it for all > flows. So far there isn't, and I doubt there needs to be, nor should be. > Discovering a token endpoint by itself is not that useful. A client needs to > know which flows work at that endpoint. Was discovery mentions a specific > flow, it may as well provide the endpoint for that flow. > > * The token endpoint to send an authorization code could be "discovered" > from the code itself (make the code a URI). > * The token endpoint for an assertion flow could be discovered in the same > place that describes the required assertion profile -- perhaps WS- > MetadataExchange? > * The token endpoint to refresh a token should be discovered when the > token is initially provided (ie as part of the token response media type -- > make the token info self-descriptive). > * The token endpoint for a client to use on its own behalf should be provided > as part of the signal that says the client needs to make this swap (eg a WWW- > Auth response, either the same or different from the WWW-Auth response > signalling user-delegation is supported). > > > draft-campbell-oauth-saml, for instance, could define an HTTP request with > assertion_type and assertion parameters, and state that the result uses the > token response media type. The media type is a cleaner dividing line > between draft-campbell-oauth-saml and OAuth2 core. > > > -- > James Manger > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] Change grant_type="none" to something … Justin Richer
- Re: [OAUTH-WG] Change grant_type="none" to someth… Marius Scurtescu
- Re: [OAUTH-WG] Change grant_type="none" to someth… Brian Eaton
- Re: [OAUTH-WG] Change grant_type="none" to someth… Brian Campbell
- Re: [OAUTH-WG] Change grant_type="none" to someth… Brian Eaton
- Re: [OAUTH-WG] Change grant_type="none" to someth… Torsten Lodderstedt
- Re: [OAUTH-WG] Change grant_type="none" to someth… David Recordon
- Re: [OAUTH-WG] Change grant_type="none" to someth… Brian Eaton
- Re: [OAUTH-WG] Change grant_type="none" to someth… Brian Campbell
- Re: [OAUTH-WG] Change grant_type="none" to someth… Eran Hammer-Lahav
- Re: [OAUTH-WG] Change grant_type="none" to someth… Eran Hammer-Lahav
- Re: [OAUTH-WG] Change grant_type="none" to someth… Brian Eaton
- Re: [OAUTH-WG] Change grant_type="none" to someth… Eran Hammer-Lahav
- Re: [OAUTH-WG] Change grant_type="none" to someth… Brian Eaton
- Re: [OAUTH-WG] Change grant_type="none" to someth… Brian Eaton
- Re: [OAUTH-WG] Change grant_type="none" to someth… Luke Shepard
- Re: [OAUTH-WG] Change grant_type="none" to someth… Eran Hammer-Lahav
- Re: [OAUTH-WG] Change grant_type="none" to someth… Brian Eaton
- Re: [OAUTH-WG] Change grant_type="none" to someth… Brian Eaton
- Re: [OAUTH-WG] Change grant_type="none" to someth… Eran Hammer-Lahav
- Re: [OAUTH-WG] Change grant_type="none" to someth… Dick Hardt
- Re: [OAUTH-WG] Change grant_type="none" to someth… Justin Richer
- Re: [OAUTH-WG] Change grant_type="none" to someth… Zeltsan, Zachary (Zachary)
- Re: [OAUTH-WG] Change grant_type="none" to someth… Brian Eaton
- Re: [OAUTH-WG] Change grant_type="none" to someth… Manger, James H
- Re: [OAUTH-WG] Change grant_type="none" to someth… Eran Hammer-Lahav