Re: [OAUTH-WG] Autonomous clients and resource owners (editorial)
Torsten Lodderstedt <torsten@lodderstedt.net> Tue, 27 April 2010 05:27 UTC
To: Chuck Mortimore <cmortimore@salesforce.com>
Cc: "Foiles, Doug" <Doug_Foiles@intuit.com>, OAuth WG <oauth@ietf.org>

+1 we need the assertion flow for the same purpose. Can we add a variant of the flow to section "End User Credentials Flows"?

regards,
Torsten.

On 26.04.2010 23:17, Chuck Mortimore wrote:
> +1.
>
> Our primary use-cases for the assertion flow are for clients acting on
> behalf of users, and not autonomously. I believe Eran already has
> this on his list of feedback when the assertion flow gets edited.
>
> We also have need for a 2 legged OAuth model, and are looking at the
> client credentials flow for exactly that purpose.
>
> -cmort
>
>
> On 4/25/10 10:34 AM, "Foiles, Doug" <Doug_Foiles@intuit.com> wrote:
>
> I have a bit of confusion on the Autonomous Client Flows ... and
> specifically related to Eve's comment below that suggests to me
> that the autonomous client is NOT ALWAYS the resource owner.
>
> Can the Autonomous Client Flows support clients that ARE NOT the
> actual resource owner? For example for an Assertion Flow where
> the Subject of the SAML assertion is a user identity (and the
> resource owner) and not that of the client.
>
> Is the intent of the Client Credentials Flow to support something
> like Google's "OAuth for Google Apps domains" 2 Legged OAuth use
> case? http://code.google.com/apis/accounts/docs/OAuth.html.
>
> If the Autonomous Client Flows support clients that can act on
> behalf of a resource owner that is not themselves ... it then seems
> the resource owner must provide some level of consent outside the
> OAuth specific flow.
>
> Thanks.
>
> Doug
>
>
> *From:* oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] *On Behalf Of* Eve Maler
> *Sent:* Friday, April 23, 2010 7:21 AM
> *To:* OAuth WG
> *Subject:* [OAUTH-WG] Autonomous clients and resource owners (editorial)
>
>
> Regarding the second comment I made below: I realized last night
> that Sections 3.7.1 and 3.7.2 get this more correct, by saying
> that an autonomous client represents a "separate resource owner".
> So Section 2.2 definitely needs a slight change, from:
>
> "...and autonomous flows where the client is acting for itself
> (the client is also the resource owner)."
>
> to something like:
>
> "...and autonomous flows where the client is acting on behalf of a
> different resource owner."
>
> Thanks,
>
> Eve
>
> On 21 Apr 2010, at 4:43 PM, Eve Maler wrote:
>
> > Tacking this response to the end of the thread for lack of a
> > better place to do it: The name "username" seems not quite apt in
> > the case of an autonomous client that isn't representing an
> > end-user. Would "identifier" be better? (Actually, it sort of
> > reminds me of SAML's "SessionIndex"...) Or would the parameter be
> > reserved for user-delegation flows?
> >
> > Speaking of autonomous clients, Section 2.2 -- among possibly
> > other places -- states that an autonomous client is also the
> > resource owner, but that's not always the case, is it? The client
> > might be seeking access on behalf of itself. (FWIW, I made roughly
> > this same comment on David's first draft on March 21, and he
> > agreed with my suggested fix at the time.)
> >
> > Eve
>
> Eve Maler
> eve@xmlgrrl.com
> http://www.xmlgrrl.com/blog