Re: [OAUTH-WG] Issue: Scope parameter
Marius Scurtescu <mscurtescu@google.com> Fri, 16 April 2010 04:42 UTC
Return-Path: <mscurtescu@google.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 2F8AB3A6804 for <oauth@core3.amsl.com>; Thu, 15 Apr 2010 21:42:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.652
X-Spam-Level:
X-Spam-Status: No, score=-101.652 tagged_above=-999 required=5 tests=[AWL=0.325, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z+fSNefHckmW for <oauth@core3.amsl.com>; Thu, 15 Apr 2010 21:42:11 -0700 (PDT)
Received: from smtp-out.google.com (smtp-out.google.com [74.125.121.35]) by core3.amsl.com (Postfix) with ESMTP id DF2AB3A6952 for <oauth@ietf.org>; Thu, 15 Apr 2010 21:42:10 -0700 (PDT)
Received: from hpaq3.eem.corp.google.com (hpaq3.eem.corp.google.com [10.3.21.3]) by smtp-out.google.com with ESMTP id o3G4g0X4010456 for <oauth@ietf.org>; Fri, 16 Apr 2010 06:42:00 +0200
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1271392921; bh=8Tc3dyWYRJInazWeH1Clyh5RnFs=; h=MIME-Version:In-Reply-To:References:From:Date:Message-ID:Subject: To:Cc:Content-Type:Content-Transfer-Encoding; b=ZxurOJ6UmoiaBrx0Q9bMaEnHLuc52RmWhnHC0pgzMDdxX0k0EBj2vn+XVFuo1TJpU 1URRlkGMXh7wD4X4J5x/w==
DomainKey-Signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns; h=mime-version:in-reply-to:references:from:date:message-id: subject:to:cc:content-type:content-transfer-encoding:x-system-of-record; b=cRQUZfnzXSACOxHQMVZxPeVvdvNuZ1h6dbS2/Yh45vSZsVR0mayVaEpUkLDV4jmeR TB/lahyCfLCUG35l51lsw==
Received: from pwj7 (pwj7.prod.google.com [10.241.219.71]) by hpaq3.eem.corp.google.com with ESMTP id o3G4fwes030106 for <oauth@ietf.org>; Fri, 16 Apr 2010 06:41:59 +0200
Received: by pwj7 with SMTP id 7so2555296pwj.2 for <oauth@ietf.org>; Thu, 15 Apr 2010 21:41:58 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.141.107.2 with HTTP; Thu, 15 Apr 2010 21:41:38 -0700 (PDT)
In-Reply-To: <191F411E00E19F4E943ECDB6D65C60851691F645@TK5EX14MBXC115.redmond.corp.microsoft.com>
References: <h2o74caaad21004151238w60c3afd3td8dccdd8a7127a4a@mail.gmail.com> <C7ECBC36.32379%eran@hueniverse.com> <191F411E00E19F4E943ECDB6D65C60851691F095@TK5EX14MBXC115.redmond.corp.microsoft.com> <255B9BB34FB7D647A506DC292726F6E1125748109A@WSMSG3153V.srv.dir.telstra.com> <191F411E00E19F4E943ECDB6D65C60851691F5A9@TK5EX14MBXC115.redmond.corp.microsoft.com> <255B9BB34FB7D647A506DC292726F6E11257591D3B@WSMSG3153V.srv.dir.telstra.com> <191F411E00E19F4E943ECDB6D65C60851691F645@TK5EX14MBXC115.redmond.corp.microsoft.com>
From: Marius Scurtescu <mscurtescu@google.com>
Date: Thu, 15 Apr 2010 21:41:38 -0700
Received: by 10.140.248.13 with SMTP id v13mr1382635rvh.25.1271392918150; Thu, 15 Apr 2010 21:41:58 -0700 (PDT)
Message-ID: <t2u74caaad21004152141jd7b59fc9v60ea28d0dcaa7e4@mail.gmail.com>
To: Justin Smith <justinsm@microsoft.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
X-System-Of-Record: true
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Issue: Scope parameter
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Apr 2010 04:42:13 -0000
On Thu, Apr 15, 2010 at 9:31 PM, Justin Smith <justinsm@microsoft.com> wrote: > Great. > > > > So, let’s say there is an Authorization Server available at http://as.com > and it protects the http://foo.com and http://bar.com resources. > > > > A client requests http://foo.com. The foo.com server responds with a > WWW-Auth that contains the http://as.com URI. The client then sends an > access token request to http://as.com. Is that right? I think James is suggesting that WWW-Auth will contain something like http://as.com?scope=foo.com If that's the case, the scope is basically a custom parameter. Also, this assumes that protected resources are simple URLs that can be fetched. In many cases the protected resource is some API and this API will require specific scopes depending on the context (actual user, operation, etc). So a 401 may not be able to specify exactly what scope is needed. The client programmer will have to understand the API and provide proper scopes. Marius
- [OAUTH-WG] Issue: Scope parameter Eran Hammer-Lahav
- Re: [OAUTH-WG] Issue: Scope parameter Marius Scurtescu
- Re: [OAUTH-WG] Issue: Scope parameter David Recordon
- Re: [OAUTH-WG] Issue: Scope parameter Eran Hammer-Lahav
- Re: [OAUTH-WG] Issue: Scope parameter Marius Scurtescu
- Re: [OAUTH-WG] Issue: Scope parameter Eran Hammer-Lahav
- Re: [OAUTH-WG] Issue: Scope parameter David Recordon
- Re: [OAUTH-WG] Issue: Scope parameter Justin Smith
- Re: [OAUTH-WG] Issue: Scope parameter Manger, James H
- Re: [OAUTH-WG] Issue: Scope parameter Justin Smith
- Re: [OAUTH-WG] Issue: Scope parameter Manger, James H
- Re: [OAUTH-WG] Issue: Scope parameter Justin Smith
- Re: [OAUTH-WG] Issue: Scope parameter Marius Scurtescu
- Re: [OAUTH-WG] Issue: Scope parameter Manger, James H
- Re: [OAUTH-WG] Issue: Scope parameter Mark Mcgloin
- Re: [OAUTH-WG] Issue: Scope parameter Manger, James H
- Re: [OAUTH-WG] Issue: Scope parameter Justin Smith
- Re: [OAUTH-WG] Issue: Scope parameter Eran Hammer-Lahav
- Re: [OAUTH-WG] Issue: Scope parameter Torsten Lodderstedt
- Re: [OAUTH-WG] Issue: Scope parameter Dick Hardt
- Re: [OAUTH-WG] Issue: Scope parameter Manger, James H
- Re: [OAUTH-WG] Issue: Scope parameter Torsten Lodderstedt
- Re: [OAUTH-WG] Issue: Scope parameter David Recordon
- Re: [OAUTH-WG] Issue: Scope parameter Dick Hardt
- Re: [OAUTH-WG] Issue: Scope parameter David Recordon
- Re: [OAUTH-WG] Issue: Scope parameter Marius Scurtescu
- Re: [OAUTH-WG] Issue: Scope parameter Luke Shepard
- Re: [OAUTH-WG] Issue: Scope parameter Eran Hammer-Lahav
- Re: [OAUTH-WG] Issue: Scope parameter Dick Hardt
- Re: [OAUTH-WG] Issue: Scope parameter Dick Hardt
- Re: [OAUTH-WG] Issue: Scope parameter Eran Hammer-Lahav
- Re: [OAUTH-WG] Issue: Scope parameter Anthony Nadalin
- Re: [OAUTH-WG] Issue: Scope parameter Torsten Lodderstedt
- Re: [OAUTH-WG] Issue: Scope parameter Eran Hammer-Lahav
- Re: [OAUTH-WG] Issue: Scope parameter Evan Gilbert
- Re: [OAUTH-WG] Issue: Scope parameter Justin Richer
- Re: [OAUTH-WG] Issue: Scope parameter Eran Hammer-Lahav