[OAUTH-WG] OBO Flow

Lee McGovern <Lee_McGovern@swissre.com> Mon, 08 July 2019 08:24 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/U1z1OjXvQtCGw55_Mo26ijTU-bA>

Does it appear strange that Microsoft have called their token exchange flow implementation (https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow) On-Behalf-Of flow? I was under the impression that delegation was the core use case for OAuth development, i.e. when Yelp wants access to your Google contacts, a scope is defined and consent is granted for that client to act on your behalf...

Best,

Lee McGovern | IAM Architect | Lee_McGovern@swissre.com
