Re: [OAUTH-WG] draft-ietf-tls-oob-pubkey: My summary

Hannes Tschofenig <hannes.tschofenig@gmx.net> Fri, 13 July 2012 11:46 UTC

To: "Manger, James H" <James.H.Manger@team.telstra.com>
Cc: OAuth WG <oauth@ietf.org>

Hi James, 

> 
> So the OAuth client completes a TLS handshake with a protected resource using a raw key, but the protected resource doesn't get any authorization for that raw key until it sees an access_token, which appears where? In an HTTP header somewhere in the App Data some time after the TLS handshake finishes?
> 
The access token is conveyed in the HTTP exchange (similar to what bearer does). As such, the authorization decision would be done when the resource server receives the access token. 

Ciao
Hannes

> --
> James Manger