Re: [OAUTH-WG] Oauth Server to Server
Justin Richer <jricher@mitre.org> Thu, 26 September 2013 13:40 UTC
Return-Path: <jricher@mitre.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA1A821E8096 for <oauth@ietfa.amsl.com>; Thu, 26 Sep 2013 06:40:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PHghhZdH3iyL for <oauth@ietfa.amsl.com>; Thu, 26 Sep 2013 06:40:51 -0700 (PDT)
Received: from smtpksrv1.mitre.org (smtpksrv1.mitre.org [198.49.146.77]) by ietfa.amsl.com (Postfix) with ESMTP id 68BD721E809B for <oauth@ietf.org>; Thu, 26 Sep 2013 06:40:39 -0700 (PDT)
Received: from smtpksrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 6D3F21F0623; Thu, 26 Sep 2013 09:40:32 -0400 (EDT)
Received: from IMCCAS02.MITRE.ORG (imccas02.mitre.org [129.83.29.79]) by smtpksrv1.mitre.org (Postfix) with ESMTP id 51CD21F061F; Thu, 26 Sep 2013 09:40:32 -0400 (EDT)
Received: from [10.146.15.13] (129.83.31.56) by IMCCAS02.MITRE.ORG (129.83.29.79) with Microsoft SMTP Server (TLS) id 14.3.158.1; Thu, 26 Sep 2013 09:40:32 -0400
Message-ID: <52443944.6040308@mitre.org>
Date: Thu, 26 Sep 2013 09:40:20 -0400
From: Justin Richer <jricher@mitre.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130803 Thunderbird/17.0.8
MIME-Version: 1.0
To: Antonio Sanso <asanso@adobe.com>
References: <832FA2A6-D0DD-45D0-9107-7EE02B6793B7@adobe.com>
In-Reply-To: <832FA2A6-D0DD-45D0-9107-7EE02B6793B7@adobe.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [129.83.31.56]
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Oauth Server to Server
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Sep 2013 13:40:56 -0000
From what I read, it sounds like you want either the assertion flow (which is defined in extensions) or the client credentials flow (not the resource owner password flow). In either of these, the client authenticates on its own behalf and gets a token directly with no user involved, and both are fully specified. -- Justin On 09/24/2013 08:08 AM, Antonio Sanso wrote: > Hi *, > > apologis to be back to this argument :). > > Let me try to better explain one use case that IMHO would be really good to have in the OAuth specification family :) > > At the moment the only "OAuth standard" way I know to do OAuth server to server is to use [0] namely Resource Owner Password Credentials Grant. > > Let me tell I am not a big fun of this particular flow :) (but this is another story). > > An arguable better way to solve this scenario is to user (and why not to standardise :S?) the method used by Google (or a variant of it) see [1]. > > Couple of more things: > > - I do not know if Google would be interested to put some effort to standardise it (is anybody from Google lurking :) e.g.Tim Bray :D ) > - I am not too familiar with IETF process. Would the OAuth WG take in consideration such proposal draft?? > > Thanks and regards > > Antonio > > [0] http://tools.ietf.org/html/rfc6749#section-4.3 > [1] https://developers.google.com/accounts/docs/OAuth2ServiceAccount > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] Oauth Server to Server Antonio Sanso
- Re: [OAUTH-WG] Oauth Server to Server Brian Campbell
- Re: [OAUTH-WG] Oauth Server to Server Antonio Sanso
- Re: [OAUTH-WG] Oauth Server to Server Chuck Mortimore
- Re: [OAUTH-WG] Oauth Server to Server Antonio Sanso
- Re: [OAUTH-WG] Oauth Server to Server Bill Mills
- Re: [OAUTH-WG] Oauth Server to Server Antonio Sanso
- Re: [OAUTH-WG] Oauth Server to Server Phil Hunt
- Re: [OAUTH-WG] Oauth Server to Server Chuck Mortimore
- Re: [OAUTH-WG] Oauth Server to Server Antonio Sanso
- Re: [OAUTH-WG] Oauth Server to Server Chuck Mortimore
- Re: [OAUTH-WG] Oauth Server to Server Sergey Beryozkin
- Re: [OAUTH-WG] Oauth Server to Server Justin Richer
- Re: [OAUTH-WG] Oauth Server to Server Todd W Lainhart
- Re: [OAUTH-WG] Oauth Server to Server Antonio Sanso
- Re: [OAUTH-WG] Oauth Server to Server Antonio Sanso
- Re: [OAUTH-WG] Oauth Server to Server Sergey Beryozkin
- Re: [OAUTH-WG] Oauth Server to Server Antonio Sanso
- Re: [OAUTH-WG] Oauth Server to Server Antonio Sanso