Re: [OAUTH-WG] Cross Platform Authentication - OAuth 2.0 Device Flow - WWW-Authenticate to advertise OAuth 2.0 support
Nat Sakimura <sakimura@gmail.com> Sat, 14 May 2016 15:37 UTC
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/WJp2eZpX5uxi5DR1IzePIdD2xrw>
Hi James,

Does not the section 3 of RFC6750 talk about it?

If you are talking about uri parameter that represents the AS, then, yes, I think it is a good idea to have one, though IMHO it is better to be returned in a link header.

Best,

Nat

On Fri, May 13, 2016 at 04:04 Manger, James <James.H.Manger@team.telstra.com> wrote:

> Hi Michael & OAuth-ers,
>
> The EBU Cross Platform Auth spec has defined their own "CPA" scheme for the WWW-Authenticate HTTP response header to advertise OAuth 2.0 capability [section 7.7.1 "Authentication challenge" in https://tech.ebu.ch/docs/tech/tech3366.pdf].
>
>     WWW-Authenticate: CPA version="1.0"
>       name="Example Authorization Provider"
>       uri="https://ap.example.com/cpa"
>       modes="client,user"
>
> It is a shame that there isn’t a standard OAuth way to do this without needing a CPA-specific scheme.
>
> P.S. This CPA example is invalid. It needs commas between attributes [https://tools.ietf.org/html/rfc7235#appendix-C].
>
> --
> James Manger
>
> -----Original Message-----
> From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
> Sent: Wednesday, 11 May 2016 8:48 PM
> To: oauth@ietf.org
> Subject: [OAUTH-WG] OAuth 2.0 for broadcasters
>
> Hi all,
>
> End of April I had the chance to talk to Michael Barroco (from the European Broadcasting Union) and to Chris Needham (from the BBC) regarding their use of OAuth 2.0 for broadcasters.
>
> In March Michael dropped a mail to the OAuth mailing list to make us aware of their work, see https://www.ietf.org/mail-archive/web/oauth/current/msg15969.html
>
> The specification they are working on is based on the OAuth Device flow.
>
> Michael and Chris walked me through a slide deck offering me more background regarding their work. (I will upload the slide deck to our Wiki but the IETF meeting site seems to be down at the moment.)
>
> In addition to the specification code and tutorials have been developed and you can find them here:
>
> https://github.com/ebu/cpa-tutorial
>
> https://tech.ebu.ch/code
>
> I gave Chris & Michael an update of what we are doing in the OAuth working group since I believe some of our currently chartered items could be relevant for them, such as the native apps BCP or the PoP/Token Binding work. I also mentioned that we are looking for feedback from their group on the Device Flow specification.
>
> Ciao
>
> Hannes
>
> From: "Barroco, Michael" <barroco at ebu.ch>
> To: "oauth at ietf.org" <oauth at ietf.org>
> Cc: "tvp-cpa at list.ebu.ch" <tvp-cpa at list.ebu.ch>
> Date: Mon, 7 Mar 2016 08:43:56 +0000
>
> Dear all,
>
> We are contacting you because we noticed that you recently restarted the work on OAuth 2.0 Device Flow. We are in the process of publishing an ETSI standard [1] specifying a protocol with very similar goals. This has been developed by an EBU (European Broadcasting Union) working group involving broadcasters, such as BBC, SRG-RTS, VRT, RTVE, TVP, Global Radio UK, and device manufacturers.
>
> Our work on the “Cross Platform Authentication” protocol targets media devices, such as connected TVs and radio receivers. It is based on the early OAuth 2.0 Device Flow draft, but includes additional features driven by broadcast industry requirements. These include: dynamic registration of clients, dynamic discovery of the authorization provider, and issuing of access tokens without requiring association with a user account in order to provide device-based authentication that does not require user sign-in or pairing. Our draft protocol specification is available here [2].
>
> Cross Platform Authentication also specifies several aspects left open to implementers in OAuth 2.0, such as endpoint URL paths, to facilitate interoperability. Also note that reference implementations are available [3].
>
> We would be very interested in working together with you to explain our design requirements and try to align our protocol designs.
>
> With best regards,
>
> The EBU Cross Platform Authentication group
>
> https://tech.ebu.ch/cpa
>
> [1] https://portal.etsi.org/webapp/WorkProgram/Report_WorkItem.asp?WKI_ID=47970
>
> [2] https://tech.ebu.ch/docs/tech/tech3366.pdf
>
> [3] https://tech.ebu.ch/code/cpa
>
> ------------------------------------------------------------------------------
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

--
Nat Sakimura
Chairman of the Board, OpenID Foundation
Trustee, Kantara Initiative
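
The comma requirement raised in the quoted P.S., shown as an added example that is not part of either message or of the EBU specification: a strict parser for a single RFC 7235 challenge that rejects the CPA challenge as quoted and accepts it once commas are added. The function name, the collapsing of the folded header into one line, and the comma-separated variant are assumptions made for this example.

```python
import re

# RFC 7230 token / quoted-string, the building blocks of an RFC 7235 auth-param.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
SCHEME = re.compile(rf"({TOKEN})(?: +|$)")
AUTH_PARAM = re.compile(rf"({TOKEN})[ \t]*=[ \t]*({TOKEN}|{QUOTED})")

# The CPA challenge as quoted in the thread (header folding collapsed to spaces).
CPA_AS_PUBLISHED = ('CPA version="1.0" name="Example Authorization Provider" '
                    'uri="https://ap.example.com/cpa" modes="client,user"')
# Constructed for this example: the same challenge with commas added.
CPA_WITH_COMMAS = ('CPA version="1.0", name="Example Authorization Provider", '
                   'uri="https://ap.example.com/cpa", modes="client,user"')


def parse_challenge(value):
    """Parse one challenge: auth-scheme, then comma-separated auth-params.

    Returns (scheme, params); raises ValueError on malformed input.
    token68 credentials and multiple challenges per header are not handled.
    """
    m = SCHEME.match(value)
    if not m:
        raise ValueError("missing auth-scheme")
    scheme, pos, params = m.group(1), m.end(), {}
    while pos < len(value):
        m = AUTH_PARAM.match(value, pos)
        if not m:
            raise ValueError(f"expected auth-param at offset {pos}")
        name, raw = m.group(1).lower(), m.group(2)
        if name in params:
            raise ValueError(f"duplicate parameter {name!r}")
        if raw.startswith('"'):
            raw = re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo quoted-pair escapes
        params[name] = raw
        rest = value[m.end():].lstrip(" \t")
        if rest and not rest.startswith(","):
            raise ValueError(f"missing comma after parameter {name!r}")
        # Step past the comma and any following whitespace or empty elements.
        pos = len(value) - len(rest.lstrip(" \t,"))
    return scheme, params


if __name__ == "__main__":
    print(parse_challenge(CPA_WITH_COMMAS))
    try:
        parse_challenge(CPA_AS_PUBLISHED)
    except ValueError as exc:
        print("rejected:", exc)
```

A client that parses challenges this strictly would not see the `uri` parameter in the challenge as published, so authorization provider discovery would fail before any OAuth exchange begins.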