[OAUTH-WG] Refresh Tokens

Anthony Nadalin <tonynad@microsoft.com> Thu, 11 August 2011 17:40 UTC

From: Anthony Nadalin <tonynad@microsoft.com>
To: "OAuth WG (oauth@ietf.org)" <oauth@ietf.org>
Thread-Topic: Refresh Tokens
Thread-Index: AcxYTQ8Url5GUfgWROGRaafg4jY5WA==
Date: Thu, 11 Aug 2011 17:40:50 +0000
Message-ID: <B26C1EF377CB694EAB6BDDC8E624B6E723B89B68@SN2PRD0302MB137.namprd03.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
Subject: [OAUTH-WG] Refresh Tokens
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Aug 2011 17:40:22 -0000

Nowhere in the specification is there an explanation for refresh tokens. The reason that the refresh token was introduced was for anonymity. The scenario is that a client asks the user for access. The user wants to grant the access but not tell the client the user's identity. By issuing the refresh token as an 'identifier' for the user (as well as other context data like the resource), it is now possible to let the client get access without revealing anything about the user. I recommend that the above explanation be included so developers understand why refresh tokens are there.
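The mechanism described in the message above, as an added example that is not part of the original post or of any OAuth implementation: a minimal in-memory authorization server that hands the client two opaque random strings and keeps the user identity and resource context on the server side, so the client can obtain fresh access tokens without ever learning who the user is. The class and method names, the in-memory dictionaries and the sample user, client and resource values are all assumptions made for illustration; the one spec-derived check is that a refresh token is only honoured for the client it was issued to (RFC 6749 section 6).

```python
import hashlib
import hmac
import secrets
import time


class AuthorizationServer:
    """Constructed example server. Assumption: state lives in two dicts
    keyed by the SHA-256 of the token, standing in for a real database."""

    def __init__(self):
        self._refresh_tokens = {}  # sha256(refresh_token) -> record
        self._access_tokens = {}   # sha256(access_token)  -> record

    @staticmethod
    def _digest(token):
        # Store only a hash so a leaked datastore does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue_tokens(self, user_id, client_id, resource, ttl=600):
        """Called after the user approves the client's request.
        Returns exactly what the client receives: two opaque random
        strings and a lifetime, nothing that identifies the user."""
        refresh = secrets.token_urlsafe(32)
        access = secrets.token_urlsafe(32)
        # User identity and resource context stay on the server side only;
        # the refresh token is just a lookup key for this record.
        record = {"user_id": user_id, "client_id": client_id, "resource": resource}
        self._refresh_tokens[self._digest(refresh)] = dict(record)
        self._access_tokens[self._digest(access)] = dict(record, expires_at=time.time() + ttl)
        return {"access_token": access, "refresh_token": refresh,
                "token_type": "bearer", "expires_in": ttl}

    def refresh(self, refresh_token, client_id, ttl=600):
        """Refresh-token grant (RFC 6749 section 6): resolve the opaque
        token to its server-side record and mint a new access token."""
        record = self._refresh_tokens.get(self._digest(refresh_token))
        if record is None:
            raise PermissionError("invalid_grant")
        # RFC 6749 section 6: the token must have been issued to this client.
        if not hmac.compare_digest(record["client_id"], client_id):
            raise PermissionError("invalid_grant")
        access = secrets.token_urlsafe(32)
        self._access_tokens[self._digest(access)] = dict(record, expires_at=time.time() + ttl)
        return {"access_token": access, "token_type": "bearer", "expires_in": ttl}

    def revoke(self, refresh_token):
        """User or administrator withdraws the grant; the client's copy of
        the refresh token becomes a meaningless string."""
        self._refresh_tokens.pop(self._digest(refresh_token), None)

    def introspect(self, access_token):
        """Resource-server side lookup. Only the authorization server can
        map a token back to the user and resource it stands for."""
        record = self._access_tokens.get(self._digest(access_token))
        if record is None or record["expires_at"] < time.time():
            return None
        return record


def client_sees_identity(token_response, user_id):
    """True if anything handed to the client contains the user identifier."""
    return any(user_id in str(value) for value in token_response.values())


if __name__ == "__main__":
    # Constructed sample values; no real users, clients or resources.
    server = AuthorizationServer()
    granted = server.issue_tokens("alice@example.com", "client-123",
                                  "https://api.example.com/photos")
    print("client learns identity:", client_sees_identity(granted, "alice@example.com"))
    renewed = server.refresh(granted["refresh_token"], "client-123")
    print("server resolves new access token to:", server.introspect(renewed["access_token"]))
```

The point the message makes is visible in `issue_tokens`: the client's view of the grant is two random strings, while `introspect` shows that only the server can turn either of them back into a user and a resource. The `client_id` comparison in `refresh` is what stops a stolen refresh token from being redeemed by a different client, and `revoke` shows why server-side state is what makes the opaque token usable at all.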