[OAUTH-WG] draft-ietf-oauth-introspection
Anthony Nadalin <tonynad@microsoft.com> Sun, 30 November 2014 18:01 UTC
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/VEJlTV_zDAQlqdXb9nfsE9n-fo8
Comments

Intro
- "about the authentication context", not sure what this is since there is no authentication context in Oauth
- Use of Oauth2, mixed with use of Oauth, pick one
- "allows holder of a token to query" so anything/anyone that has a token can use this endpoint?

Introspection Endpoint
- Use of Oauth2, mixed with use of Oauth, pick one

Introspection Request
- "The endpoint SHOULD also require some form of authentication", what about some form of authorization?
- Why do we have to have another endpoint that we have to manage and then have a management API draft?
- Token - is this any type of token? How does the endpoint know that it can deal with this token type? So endpoint has to try to lookup token to determine if it can maybe find out something about the token?
- Can one use the authorization code or does one have to get a token first?
- Can I send an encrypted token and expect a proper response?
- What about a Proof of Possession Token?

Introspection Response
- What does "active" mean? Is this up to the server to determine?
- "scope OPTIONAL", is this the scope in the token or is this the scope that the introspection endpoint sources may have?
- It's unclear if all these return values are from the token or from the introspection endpoint sources?
- What error codes/conditions are there? Just the 400 (bad request)?
- Can the endpoint return an encrypted response?
- What about PII such as user_id, aud?
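Added example, not from the draft or from the message above: a framework-free sketch of the introspection endpoint's decision logic, showing one defensible answer to the questions raised (caller authentication before any lookup, 400 only for a malformed request, unknown/expired tokens collapsing to "active": false, and PII such as the subject kept out of the response). The token store, the registered caller and the token values are constructed sample data.

```python
import time
import hmac

# Constructed sample data (not from the draft): the authorization server's own
# record of issued tokens, and the protected resources allowed to introspect.
TOKENS = {
    "tok-abc123": {"scope": "read write", "client_id": "app-1", "sub": "user-42",
                   "aud": "https://api.example/photos", "exp": 4102444800},  # far future
    "tok-old999": {"scope": "read", "client_id": "app-1", "sub": "user-7",
                   "aud": "https://api.example/photos", "exp": 1000000000},  # expired
}
CALLERS = {"rs-photos": "rs-secret"}  # caller id -> shared secret (constructed)


def introspect(form, auth, now=None):
    """Return (http_status, json_body) for one introspection request.

    form: parsed POST body as a dict (expects a 'token' parameter).
    auth: (caller_id, secret) presented by the caller, or None if absent.
    """
    now = time.time() if now is None else now
    # 1. Authenticate the caller first. Merely holding a token string is not
    #    enough; an unauthenticated caller learns nothing about any token.
    if auth is None:
        return 401, {"error": "invalid_client"}
    expected = CALLERS.get(auth[0], "")
    if not hmac.compare_digest(expected.encode(), auth[1].encode()):
        return 401, {"error": "invalid_client"}
    # 2. 400 is reserved for a malformed request, here a missing token parameter.
    token = form.get("token")
    if not token:
        return 400, {"error": "invalid_request"}
    # 3. Unknown, revoked and expired tokens all produce the same answer, so the
    #    response does not reveal whether a guessed token ever existed.
    rec = TOKENS.get(token)
    if rec is None or rec["exp"] <= now:
        return 200, {"active": False}
    # 4. Claims come from the server's own record, not from parsing the token
    #    string, and the subject identifier is deliberately not returned.
    return 200, {"active": True, "scope": rec["scope"], "client_id": rec["client_id"],
                 "exp": rec["exp"], "aud": rec["aud"]}
```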