[OAUTH-WG] Clarification of "client application consisting of multiple components"

nov matake <nov@matake.jp> Sun, 11 March 2012 15:25 UTC

Return-Path: <nov@matake.jp>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 3767021F86C9 for <oauth@ietfa.amsl.com>; Sun, 11 Mar 2012 08:25:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id xiMkpb-31xGp for <oauth@ietfa.amsl.com>; Sun, 11 Mar 2012 08:25:31 -0700 (PDT)
Received: from mail-pz0-f44.google.com (mail-pz0-f44.google.com []) by ietfa.amsl.com (Postfix) with ESMTP id B7D5821F8611 for <oauth@ietf.org>; Sun, 11 Mar 2012 08:25:31 -0700 (PDT)
Received: by dakl33 with SMTP id l33so4226140dak.31 for <oauth@ietf.org>; Sun, 11 Mar 2012 08:25:31 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=from:content-type:content-transfer-encoding:subject:date:message-id :to:mime-version:x-mailer:x-gm-message-state; bh=gquI7/5Ee1vcDzd32BQXnFSPKEMtKBLlhvCuNPOIBbs=; b=agdcQ1Or3XsjDHjHeLD6l6znKD8mS+k4NR0+UlGlft61EaR76P0vQ0lJeV4CXbpCpV mvmvozBTiJO2qJVnkl7A4FgoMN4kHXSNGkQnJJacCbhcJLYxhElXe3uc//XKjr4/B/Vi 3dqlNLFIql13uhpfqDnfCZfwaj8p+2XdRr1Z1GadPNNDY1Xy3mLDNcPLZqweNXzhGOg4 geKUMhfoggEZlJQhFK3nlj0w4PzkX3K4EIqayZ4THjALEnCOSuT6wmWdWkpla3czmygH j7GlTA/iBl2KEKpWZw+E1SMhU+gjunkjoux3OAJL76Qr5BsZuRqCi64K6IZ37z8aJZiJ alpA==
Received: by with SMTP id rx6mr7028874pbc.139.1331479531388; Sun, 11 Mar 2012 08:25:31 -0700 (PDT)
Received: from [] (q032020.dynamic.ppp.asahi-net.or.jp. []) by mx.google.com with ESMTPS id a2sm8360260pbc.16.2012. (version=TLSv1/SSLv3 cipher=OTHER); Sun, 11 Mar 2012 08:25:30 -0700 (PDT)
From: nov matake <nov@matake.jp>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Date: Mon, 12 Mar 2012 00:25:27 +0900
Message-Id: <62D85564-7961-4AB6-B1FA-B2DD75A4C74B@matake.jp>
To: "oauth@ietf.org WG" <oauth@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1257)
X-Mailer: Apple Mail (2.1257)
X-Gm-Message-State: ALoCoQlmvFsxzmXZHN4dlDfMu2bEgAUJc+aNRkN8+Lr7ezr4I1JbcjoVZHTVhZwK7vDAHXcNvkfR
Subject: [OAUTH-WG] Clarification of "client application consisting of multiple components"
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 11 Mar 2012 15:25:32 -0000


I just found this sentence in the latest draft.

Does it mean "an application consisting of server-side and client-side component (eg. foursquare iPhone app) MUST have separate client_id for each component" ?
Or can I image something like Facebook is doing right now? (register each component for a single client_id separately)

A client application consisting of multiple components, each with its
own client type (e.g. a distributed client with both a confidential
server-based component and a public browser-based component), MUST
register each component separately as a different client to ensure
proper handling by the authorization server.  The authorization
server MAY provider tools to manage such complex clients through a
single administration interface.

nov <nov@matake.jp>