Re: [OAUTH-WG] Fwd: New Version Notification for draft-campbell-oauth-resource-indicators-01.txt

Brian Campbell <bcampbell@pingidentity.com> Tue, 05 April 2016 14:52 UTC

In-Reply-To: <7CDE7D76-4E6C-4060-A0AB-C7D0FE8C9246@lodderstedt.net>
References: <20160321173103.31961.76817.idtracker@ietfa.amsl.com> <CAAX2Qa2kovVmCoByJc0HsE9a3ZS6Lm+9F2bzgynBoahttcv8Zw@mail.gmail.com> <CA+k3eCSOMkm+1_0+77+RONTVMbS=y9KpPWaO4jAEU0CfiiGF-Q@mail.gmail.com> <7CDE7D76-4E6C-4060-A0AB-C7D0FE8C9246@lodderstedt.net>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Tue, 05 Apr 2016 11:51:42 -0300
Message-ID: <CA+k3eCSzUcrfhwuBUL1Zh0tb69x1FGw1o919TNptSg=LfYVYZw@mail.gmail.com>
To: Torsten Lodderstedt <torsten@lodderstedt.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/Wc88iy-muCV4WKke8aFjSE6F46M>
Cc: oauth <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Fwd: New Version Notification for draft-campbell-oauth-resource-indicators-01.txt

Sorry for the slow response, Torsten, I was on vacation last week with my
family.

The omission of scope values in the example requests wasn't really
intentional so much as just an initial desire to have a minimal amount of
stuff in the examples. Adding a scope parameter to the example
authorization request (Figure 1) would probably be a good thing to do. I'll
make a note to do so.

As for the relationship between scope and resource: scope is *what*
access is being requested/granted. And resource is about *where* a
particular access token will be used. I envision resource as allowing for
scope to

Note that, as currently written anyway, resource is unlike scope in that
it's not something that the end-user approves or denies access to and it's
not something that is persisted with the grant. It only informs the access
token being requested at the time. So it'd be used at the token endpoint
when getting an access token. And only at the authorization endpoint when
an access token will come back directly in the authorization response
(implicit flows).

Currently, yes, multiple resources are allowed by the draft to indicate
multiple RSs.  Though there's a note in there questioning it because it
complicates things in some situations where different token content or
encryption is needed for different RSs that are asked for in the same
request.



On Sat, Apr 2, 2016 at 8:04 AM, Torsten Lodderstedt <torsten@lodderstedt.net> wrote:

> Hi Brian,
>
> did you intentionally omit scope values in your example requests? I would
> like to know what you envision to be the relationship between scope and
> resource.
>
> As your draft says, we today use scope values to indicate to the AS which
> resource servers the client wants to access. I think we nearly
> exclusively use it for that purpose and only seldom to request certain
> access rights. One of the advantages is, we can request access to multiple
> resource servers simply by putting multiple scope values into the scope
> parameter. Will this be possible with the extension you are proposing?
>
> Best regards,
> Torsten.
>
> On 21.03.2016 at 18:41, Brian Campbell <bcampbell@pingidentity.com> wrote:
>
> Very minor update to this draft before the deadline that moves Hannes from
> Acknowledgements to Authors in acknowledgment of his similar work a few
> years ago. Also fleshed out the IANA section with the formal registration
> requests.
>
>
> ---------- Forwarded message ----------
> From: <internet-drafts@ietf.org>
> Date: Mon, Mar 21, 2016 at 11:31 AM
> Subject: New Version Notification for
> draft-campbell-oauth-resource-indicators-01.txt
> To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, Hannes Tschofenig <Hannes.Tschofenig@gmx.net>, Brian Campbell <brian.d.campbell@gmail.com>, John Bradley <ve7jtb@ve7jtb.com>
>
>
>
> A new version of I-D, draft-campbell-oauth-resource-indicators-01.txt
> has been successfully submitted by Brian Campbell and posted to the
> IETF repository.
>
> Name:           draft-campbell-oauth-resource-indicators
> Revision:       01
> Title:          Resource Indicators for OAuth 2.0
> Document date:  2016-03-21
> Group:          Individual Submission
> Pages:          8
> URL:
> https://www.ietf.org/internet-drafts/draft-campbell-oauth-resource-indicators-01.txt
> Status:
> https://datatracker.ietf.org/doc/draft-campbell-oauth-resource-indicators/
> Htmlized:
> https://tools.ietf.org/html/draft-campbell-oauth-resource-indicators-01
> Diff:
> https://www.ietf.org/rfcdiff?url2=draft-campbell-oauth-resource-indicators-01
>
> Abstract:
>    This straw-man specification defines an extension to The OAuth 2.0
>    Authorization Framework that enables the client and authorization
>    server to more explicitly communicate about the protected
>    resource(s) to be accessed.
>
>
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
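A worked illustration of the split Brian describes above: scope is what the user approved and is persisted with the grant, while the resource parameter only targets the token being minted now, and several RSs in one request are allowed only if one token can serve them all. This is an added example, not code from the draft or from either author; the RS registry, the `token_format` property and the `invalid_target` error name are assumptions.

```python
from dataclasses import dataclass, field

# Constructed registry of the resource servers this AS knows about. The
# "token_format" property (an assumption) models the draft's note that
# different RSs may need different token content or encryption.
RESOURCE_SERVERS = {
    "https://api.example.com/calendar": {"token_format": "jwt-signed"},
    "https://api.example.com/contacts": {"token_format": "jwt-signed"},
    "https://partner.example.net/ledger": {"token_format": "jwt-encrypted"},
}

@dataclass
class Grant:
    """What the user approved and the AS persisted: scope, not resource."""
    subject: str
    client_id: str
    scope: frozenset

@dataclass
class TokenResult:
    ok: bool
    error: str = ""
    access_token: dict = field(default_factory=dict)

def issue_access_token(grant, requested_scope, resources):
    """Token-endpoint decision. `resources` is the per-request resource
    parameter (zero or more RS identifiers): it narrows the audience of
    the token minted now and is never written back to the grant."""
    # Scope is the *what*: a client may downscope but never exceed the grant.
    scope = set(requested_scope or grant.scope)
    if not scope <= grant.scope:
        return TokenResult(False, "invalid_scope")
    # Resource is the *where*: every value must name an RS this AS knows.
    if any(r not in RESOURCE_SERVERS for r in resources):
        return TokenResult(False, "invalid_target")  # error name assumed
    # Several RSs in one request are fine only if one token can serve all.
    formats = {RESOURCE_SERVERS[r]["token_format"] for r in resources}
    if len(formats) > 1:
        return TokenResult(False, "invalid_target")
    token = {
        "sub": grant.subject,
        "client_id": grant.client_id,
        "scope": " ".join(sorted(scope)),
        "token_format": formats.pop() if formats else "jwt-signed",
    }
    if resources:  # audience only when the client said where the token goes
        token["aud"] = sorted(resources)
    return TokenResult(True, access_token=token)
```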