Re: [OAUTH-WG] Issue: Scope parameter
Mark Mcgloin <mark.mcgloin@ie.ibm.com> Fri, 16 April 2010 13:40 UTC
To: "Manger, James H" <James.H.Manger@team.telstra.com>
From: Mark Mcgloin <mark.mcgloin@ie.ibm.com>
Date: Fri, 16 Apr 2010 14:33:33 +0100
Cc: OAuth WG <oauth@ietf.org>, oauth-bounces@ietf.org
Subject: Re: [OAUTH-WG] Issue: Scope parameter

I know we will control scope server side based on the calling client. I can see why others may want to have a scope parameter, though, to allow a client app to decrease the scope they request (assuming short duration access), e.g. client app is entitled to request contacts and files based on their client identifier but they only request contacts for some operation, and the user feels more secure.

Is this the main reason for scope?

James, how does your proposal work if the client needs access to more than one set of resources?

Mark McGloin

"Manger, James H" <James.H.Manger@team.telstra.com>
Sent by: oauth-bounces@ietf.org
16/04/2010 05:43

> So, let’s say there is an Authorization Server available at http://as.com and it protects the http://foo.com and http://bar.com resources.

> A client requests http://foo.com. The foo.com server responds with a WWW-Auth that contains the http://as.com URI. The client then sends an access token request to http://as.com. Is that right?

> If so, then how does http://as.com know that the intended resource is http://foo.com?

Foo.com should point the client at, say, http://as.com/foo/ or http://foo.as.com/ or http://as.com/?scope=foo or http://as.com/?encrypted_resource_id=273648264287642 or whatever it has agreed to with its AS. The WWW-Auth response from foo.com should not be just http://as.com.

Foo is much better placed to know it shares as.com with Bar than a client is.

--
James Manger
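
Added example, not part of the original message or of any OAuth draft: a sketch of the down-scoping discussed above, where the authorization server holds each client's entitlement server side and a scope parameter can only narrow it. The client identifiers, scope names, registry and the space-delimited scope string are assumptions made for illustration.

```python
# Constructed registry: what each client identifier is entitled to request.
CLIENT_ENTITLEMENTS = {
    "client-app-1": frozenset({"contacts", "files"}),
    "client-app-2": frozenset({"contacts"}),
}


class ScopeError(Exception):
    """Raised when a token request cannot be granted as asked."""


def parse_scope(raw):
    """Split a space-delimited scope string; None means no scope parameter."""
    if raw is None:
        return None
    return frozenset(raw.split())


def grant_scope(client_id, raw_scope):
    """Return the scope the authorization server attaches to the token."""
    entitled = CLIENT_ENTITLEMENTS.get(client_id)
    if entitled is None:
        raise ScopeError(f"unknown client {client_id!r}")
    requested = parse_scope(raw_scope)
    if requested is None:
        # No scope parameter: server-side policy alone decides.
        return entitled
    if not requested:
        raise ScopeError("scope parameter present but empty")
    excess = requested - entitled
    if excess:
        # The parameter may narrow the entitlement, never widen it.
        raise ScopeError("not entitled to: " + " ".join(sorted(excess)))
    return requested


def token_allows(granted, resource_scope):
    """Resource-side check: does the token's scope cover this resource?"""
    return resource_scope in granted


if __name__ == "__main__":
    narrowed = grant_scope("client-app-1", "contacts")
    print(sorted(narrowed), token_allows(narrowed, "files"))
    try:
        grant_scope("client-app-2", "contacts files")
    except ScopeError as err:
        print("refused:", err)
```

A request naming several scopes at once, such as `contacts files`, is granted as a set when the client is entitled to all of them, which is one way to cover a client that needs more than one set of resources.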