Re: [OAUTH-WG] Dynamic client registration and the audience (resource) indicators

Sergey Beryozkin <sberyozkin@gmail.com> Mon, 28 November 2016 21:29 UTC


Hi Justin

Thanks, maybe if a value for that field is not set, then, by default, a 
client can use the access tokens against arbitrary RS servers; as 
far as I understand, this is what happens by default right now?

Cheers, Sergey

On 28/11/16 18:47, Justin Richer wrote:
> I would consider that a totally reasonable extension. You will need to define what the behavior is if the client doesn’t provide a value for that field: is there a default? Are there no resources available to the client?
>
>  — Justin
>
>> On Nov 28, 2016, at 12:21 PM, Sergey Beryozkin <sberyozkin@gmail.com> wrote:
>>
>> Hi All
>>
>> Our AS allows for the manual client registration with the UI offering an option to assign the audience/resource URIs to a given Client registration with all the associated future access tokens inheriting them.
>>
>> The client will not have to follow the resource indicator registration as recommended at [1] - the administrator who registers the clients sets the audiences.
>>
>> We'd like to achieve the same with the dynamic client registration but my colleague noted the client metadata in the dynamic registration request has no 'audience' property.
>>
>> We will consider supporting either an 'audience' or 'resource' property - does it sound reasonable?
>>
>> By the way, as far as [1] is concerned, should a 'resource' property support an array of audiences? (To support a case where a client needs to talk to several RSs to complete a given action.)
>>
>> Thanks, Sergey
>>
>> [1] https://tools.ietf.org/html/draft-campbell-oauth-resource-indicators-02
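As an added illustration, not code from this thread or from Sergey's AS: one way an authorization server could accept a hypothetical 'resource' array in the dynamic registration metadata and later derive a token's audience from it. The behaviour when the property is absent is the open question in the thread, so it is modelled here as an explicit `default_open` choice rather than left implicit.

```python
from urllib.parse import urlsplit

class RegistrationError(ValueError):
    """Raised when the 'resource' metadata in a registration request is malformed."""

def validate_resource_uri(uri):
    # A resource indicator is an absolute URI with no fragment, as in [1].
    parts = urlsplit(uri)
    if not parts.scheme or not parts.netloc or parts.fragment:
        raise RegistrationError(f"invalid resource indicator: {uri!r}")
    return uri

def register_client(metadata, default_open=False):
    """Store a client from a dynamic-registration request (RFC 7591-style JSON)
    that may carry a hypothetical 'resource' property (string or array).
    default_open chooses the behaviour when the property is absent (assumption):
    False -> no resources available; True -> tokens are not audience-restricted."""
    resources = metadata.get("resource")
    if resources is None:
        allowed = None if default_open else []
    else:
        if isinstance(resources, str):
            resources = [resources]  # single URI given as a bare string
        if not isinstance(resources, list) or not resources:
            raise RegistrationError("'resource' must be a non-empty array of URIs")
        allowed = [validate_resource_uri(r) for r in resources]
    return {"client_name": metadata.get("client_name", ""),
            "allowed_resources": allowed}

def token_audience(client, requested=()):
    """Return the audience list for an access token, given the 'resource'
    values (if any) sent in the token request.  An empty result means the
    token is not restricted to any particular RS."""
    allowed = client["allowed_resources"]
    if allowed is None:              # open client: whatever the request names
        return list(requested)
    if not requested:                # inherit every registered audience
        return list(allowed)
    for r in requested:              # requested set must be a subset of registered
        if r not in allowed:
            raise PermissionError(f"resource not registered for this client: {r}")
    return list(requested)
```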