Re: [OAUTH-WG] Oauth Server to Server
Sergey Beryozkin <sberyozkin@gmail.com> Thu, 26 September 2013 12:34 UTC
On 24/09/13 13:08, Antonio Sanso wrote:
> Hi *,
>
> apologies to be back to this argument :).
>
> Let me try to better explain one use case that IMHO would be really good to have in the OAuth specification family :)
>
> At the moment the only "OAuth standard" way I know to do OAuth server to server is to use [0] namely Resource Owner Password Credentials Grant.
>
> Let me tell I am not a big fan of this particular flow :) (but this is another story).
>
> An arguably better way to solve this scenario is to use (and why not to standardise :S?) the method used by Google (or a variant of it) see [1].

2-way TLS and Resource Owner Password Credentials should be secure enough, right?

Cheers, Sergey

> Couple of more things:
>
> - I do not know if Google would be interested to put some effort to standardise it (is anybody from Google lurking :) e.g. Tim Bray :D )
> - I am not too familiar with IETF process. Would the OAuth WG take into consideration such proposal draft??
>
> Thanks and regards
>
> Antonio
>
> [0] http://tools.ietf.org/html/rfc6749#section-4.3
> [1] https://developers.google.com/accounts/docs/OAuth2ServiceAccount