Re: [OAUTH-WG] Device profile usage
Justin Richer <jricher@mitre.org> Wed, 29 May 2013 14:22 UTC
Date: Wed, 29 May 2013 10:21:42 -0400
From: Justin Richer <jricher@mitre.org>
To: Vincent Tsang <vincetsang@gmail.com>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Device profile usage

Yes, it's the app that is granted a token on behalf of the user. This is a very classic OAuth pattern.

 -- Justin

On 05/29/2013 10:20 AM, Vincent Tsang wrote:
> The same user could run the app on multiple computers and I want to
> distinguish each running instance, so I think it's the app?
>
> Thanks.
> Vincent
>
> On Wednesday, May 29, 2013, Todd W Lainhart wrote:
>
> On behalf of what will the access token be granted - the app (e.g.
> Word), or the user running the app?
>
> Todd Lainhart
> Rational software
> IBM Corporation
> 550 King Street, Littleton, MA 01460-1250
> 1-978-899-4705
> 2-276-4705 (T/L)
> lainhart@us.ibm.com
>
> From: Vincent Tsang <vincetsang@gmail.com>
> To: Nat Sakimura <sakimura@gmail.com>,
> Cc: "oauth@ietf.org" <oauth@ietf.org>
> Date: 05/29/2013 12:31 AM
> Subject: Re: [OAUTH-WG] Device profile usage
> Sent by: oauth-bounces@ietf.org
> ------------------------------------------------------------------------
>
> The client is a native Windows application, for instance, a
> document editor like MS Word.
> The editor can upload copies to the cloud (e.g. Amazon S3), then
> record the version history and notes associated with each cloud
> copy to our cloud service via our cloud application API (to be
> secured by OAuth access tokens).
> I think it's similar to the case with a media player application
> (like VLC/Windows Media Player) that sends playlist/history info
> to the cloud via some cloud application API.
> I'm just not sure which of the 4 scenarios described in the OAuth
> spec could fit in here...
>
> Thanks.
> Vincent
>
> On Wed, May 29, 2013 at 11:38 AM, Nat Sakimura
> <sakimura@gmail.com> wrote:
> A little more application and user context would help.
> A use case, so to speak.
>
> Nat
>
> 2013/05/29 12:04, Vincent Tsang <vincetsang@gmail.com> wrote:
>
> > Hi Hannes,
> >
> > Thanks for your reply.
> > Actually I am new to OAuth and am simply trying to search for
> > the best industrial practice for granting access tokens when the
> > client to our application API is a simple Windows application,
> > which in most cases runs on PCs with a web browser installed.
> > Therefore the scenario doesn't quite match what is described in
> > the document, as the user doesn't need a separate machine to
> > perform the verification; it's just that the client application
> > doesn't have internet browsing capability itself (in this sense
> > it's similar to the "device" described in this document, though
> > not quite) and so the user needs to launch a separate browser application.
> > I ended up on this device profile spec just because it seems to
> > match closer to our scenario when compared to the 4 cases
> > described in the OAuth 2 spec, but it could be the case that I
> > didn't understand it fully.
> > Maybe I should rephrase my question: could someone please advise
> > what should be the best practice for granting OAuth tokens to
> > clients which are native Windows applications?
> >
> > Thanks.
> > Vincent
> >
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth