Re: [OAUTH-WG] oauth with command line clients

"Hollenbeck, Scott" <shollenbeck@verisign.com> Mon, 12 June 2017 13:29 UTC

Return-Path: <shollenbeck@verisign.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 024E912EACC for <oauth@ietfa.amsl.com>; Mon, 12 Jun 2017 06:29:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.691
X-Spam-Level:
X-Spam-Status: No, score=-2.691 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l4drD4sHbb4u for <oauth@ietfa.amsl.com>; Mon, 12 Jun 2017 06:29:51 -0700 (PDT)
Received: from mail1.verisign.com (mail1.verisign.com [72.13.63.30]) (using TLSv1.2 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BEDB912EAB0 for <oauth@ietf.org>; Mon, 12 Jun 2017 06:29:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=6892; q=dns/txt; s=VRSN; t=1497274190; h=from:to:cc:date:message-id:references:in-reply-to: mime-version:subject; bh=n9IvA7rW1s0ClOPmsmeJ98xVLwTo7JqWanuRtlFJ4cY=; b=ad0wvDTJU7GwVxd62B3KnPH3aJ7Tr9OmTf4p2UVacfZ1y2915bZybGJF 95W4EULZwdhEWCK+wHe+8D32bT+rz8+FKLWqK0vID8ITzVikj0nG0le2p yMRDUz6OjSJSajSJRzLgaFQdHey5XKaPsPJOAbMko3SsivV01FYk9UVyq mGvAGT9iud62jyQTirod9g9jG/C3FEYlrH1cDsOHT0ZwLfS/tzKgU/77F qw8wdpOWvQjJbAoIaeXjPOA0Euv99zXtEWkMJhjPyXqnbMuqKEPZJl16V YPUjFJ0jIzyxEfj+y8zlbKQg20fB688DqIVrjielL2AlDknEGw/SASsqe A==;
X-IronPort-AV: E=Sophos;i="5.39,333,1493683200"; d="scan'208,217";a="3666427"
IronPort-PHdr: =?us-ascii?q?9a23=3AtKVvzxDv7pC8vSgUe9q0UyQJP3N1i/DPJgcQr6Af?= =?us-ascii?q?oPdwSPX+osbcNUDSrc9gkEXOFd2CrakV1KyO6+jJYi8p2d65qncMcZhBBVcuqP?= =?us-ascii?q?49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL1LdrWev4jEMBx7xKRR6?= =?us-ascii?q?JvjvGo7Vks+7y/2+94fdbghMhjexe69+IAmrpgjNq8cahpdvJLwswRXTuHtIfO?= =?us-ascii?q?pWxWJsJV2Nmhv3+9m98p1+/SlOovwt78FPX7n0cKQ+VrxYES8pM3sp683xtBnM?= =?us-ascii?q?VhWA630BWWgLiBVIAgzF7BbnXpfttybxq+Rw1DWGMcDwULs5Xymp4aV2Rx/ykC?= =?us-ascii?q?oJNyA3/nzLisJ+j6xbrhCupx1jzIHbe4yaLuZyc6fHcN8GWWZMXMBcXDFBDIOm?= =?us-ascii?q?aIsPCvIMMehaoYn6o1sOqQWxBQ+3C+zx1jBIhWf61rAn3es9FgHGwBAgE9wTu3?= =?us-ascii?q?nTt9X1NKASUeSxzKbWyzXMdO1Z1iv+6IXTbBAuv+uMXbNrccrQxkkvERnJgUmX?= =?us-ascii?q?qYzgJj6Y0PkGvWuD7+d4SO6jl3QrpxxzrzWh3Msgl4nEi4wPxlza+ih0wJ45Kc?= =?us-ascii?q?CkREJhfNKpEodcuzuHO4Z5Qc4uWXxktSU8x7Ybo5C0ZjIKx44ixxPHbvyHdJWH?= =?us-ascii?q?7Qz7WeaKJDd4mGpleLWihxau6USgyvPzVs2z0FtStSVFiN/Mum0J1x3c78iIUP?= =?us-ascii?q?p9/kOm2TaSywDf9v9ILVoqlaXFMZ4hw6UwlpscsUTFBCP5hEL2jKqOekUl/Oin?= =?us-ascii?q?9fjnb637qpOALYN4lwPzP6o0lsCiAek1PBICU3aU9Om8zLHj+Ff2QLROjv04iK?= =?us-ascii?q?nZt5XaKNwApq65BA9V1oIj5Ai5Dzi9ztsXgXoHIUlbeB2ZlYjpOkrOIPH3Dfe5?= =?us-ascii?q?mVijjDBrx/XeMr37HprNNmTDkKvmfbtl7E5T0hczzcxf559PC7EOPu7zWkHruN?= =?us-ascii?q?zfFB85PBS+w/z7B9VlyoMeRWWPD7eDP6zIq1+I4eQvLvKUZIAPojbyNeQq5/3v?= =?us-ascii?q?jXMjhVAdeqyp14MNaH+kBvRmP1mZYX30j9gaCmgKoxA+TO/0h1CZSz5ceWu9X6?= =?us-ascii?q?Im6TEnEo6pEYDDRoX+yICGiW30FJdLfGNLIkqBHXfha8OPXPJDImrGKMV8iD8J?= =?us-ascii?q?faKsR48oyVelswqsj/ItYePd4CoenYrqztV+5OyVnhY3unY8W82UyWaLZ3l9hG?= =?us-ascii?q?4DRD5w16d69x9T0FCGhOJYhPhcGNpZ6vhKFk8BPpnA06YyX8vyXQbFc9GDRV2l?= =?us-ascii?q?asurGzAqT903hdQJZhAuSJ2Zkhnf0n/yUPcunLuRCcls/w=3D=3D?=
X-IPAS-Result: =?us-ascii?q?A2F0EwC9lj5Z//WZrQpcHAEBBAEBCgEBFgEBAQMBAQEJAQE?= =?us-ascii?q?BgkQ8gQ+BDQeDbZwGgyKSYRCCAYYkAhqDFBcBAQEBAQEBAQEBAQKBEIIzIoJDA?= =?us-ascii?q?QEBAQMjCkwQAgEIDQQEAQELHQMCAgIwFAkIAgQBDQUIE4ktsGaCJiuLOQEBAQE?= =?us-ascii?q?BAQEBAQEBAQEBAQEBAQEBAR2EUIISgV+CT1GEOhoYNIJcMIIxBZ45BgKVTYkxh?= =?us-ascii?q?k+UbCEBgUB0URJsAYFBhFp2iFGBDQEBAQ?=
Received: from BRN1WNEXCHM01.vcorp.ad.vrsn.com (brn1wnexchm01 [10.173.152.255]) by brn1lxmailout02.verisign.com (8.13.8/8.13.8) with ESMTP id v5CDTnPN020415 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Mon, 12 Jun 2017 09:29:49 -0400
Received: from BRN1WNEXMBX01.vcorp.ad.vrsn.com ([::1]) by BRN1WNEXCHM01.vcorp.ad.vrsn.com ([::1]) with mapi id 14.03.0301.000; Mon, 12 Jun 2017 09:29:48 -0400
From: "Hollenbeck, Scott" <shollenbeck@verisign.com>
To: "'bburke@redhat.com'" <bburke@redhat.com>, "'aaron@parecki.com'" <aaron@parecki.com>
CC: "'oauth@ietf.org'" <oauth@ietf.org>
Thread-Topic: [EXTERNAL] Re: [OAUTH-WG] oauth with command line clients
Thread-Index: AQHS438YoDfvDoWY6k+/BPWBt667faIhN/Sw
Date: Mon, 12 Jun 2017 13:29:48 +0000
Message-ID: <831693C2CDA2E849A7D7A712B24E257F73E441C6@BRN1WNEXMBX01.vcorp.ad.vrsn.com>
References: <a496c372-b700-c6ad-06e7-c257c10d5986@redhat.com> <CAGBSGjoarSVOEdqjPJXL6BfuACnZeks4LEyBpaMSb+TQ_WFNFw@mail.gmail.com> <e59735df-a6f1-341f-164e-6151b4f23d8e@redhat.com>
In-Reply-To: <e59735df-a6f1-341f-164e-6151b4f23d8e@redhat.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.170.148.18]
Content-Type: multipart/alternative; boundary="_000_831693C2CDA2E849A7D7A712B24E257F73E441C6BRN1WNEXMBX01vc_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/aRhlRCOemw0-xQYd4T3y1qHk1ck>
Subject: Re: [OAUTH-WG] oauth with command line clients
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Jun 2017 13:29:53 -0000

From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Bill Burke
Sent: Monday, June 12, 2017 9:23 AM
To: Aaron Parecki <aaron@parecki.com>
Cc: OAuth WG <oauth@ietf.org>
Subject: [EXTERNAL] Re: [OAUTH-WG] oauth with command line clients



I've read about these techniques, but, its just not a good user experience.  I'm thinking more of something where the command line console is the sole user agent and the auth server drives a plain text based interaction much like an HTTP Server drives interaction with HTML and the browser.

This isn't anything complex.  It should be a simple protocol, but I'd like to piggy back on existing solutions to build some consensus around what I think is a common issue with using OAuth.  If there isn't anything going on here in the OAuth group surrounding this, would be willing to draw up a Draft if there is interest.

[SAH] I’m certainly interested! I have a use case for federated client authentication and authorization for the Registration Data Access Protocol (RDAP) that has the same need for command line web service clients like wget and curl.



Scott