IETF Logo Mail Archive

Re: [OAUTH-WG] Simpilfying use of assertions when requesting an access token

Brian Campbell <bcampbell@pingidentity.com> Fri, 24 September 2010 14:09 UTC

Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 31F973A69DA for <oauth@core3.amsl.com>; Fri, 24 Sep 2010 07:09:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.864
X-Spam-Level:
X-Spam-Status: No, score=-5.864 tagged_above=-999 required=5 tests=[AWL=0.113, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uZCYNELF5nvl for <oauth@core3.amsl.com>; Fri, 24 Sep 2010 07:09:50 -0700 (PDT)
Received: from na3sys009aog113.obsmtp.com (na3sys009aog113.obsmtp.com [74.125.149.209]) by core3.amsl.com (Postfix) with SMTP id 755B63A6ADF for <oauth@ietf.org>; Fri, 24 Sep 2010 07:09:49 -0700 (PDT)
Received: from source ([209.85.161.43]) by na3sys009aob113.postini.com ([74.125.148.12]) with SMTP ID DSNKTJyxTB0P5tPuJJDWnBQTW5xkfGL1fBEg@postini.com; Fri, 24 Sep 2010 07:10:21 PDT
Received: by fxm7 with SMTP id 7so2818558fxm.2 for <oauth@ietf.org>; Fri, 24 Sep 2010 07:10:19 -0700 (PDT)
Received: by 10.223.111.77 with SMTP id r13mr3548169fap.45.1285337419828; Fri, 24 Sep 2010 07:10:19 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.223.113.3 with HTTP; Fri, 24 Sep 2010 07:09:49 -0700 (PDT)
In-Reply-To: <AANLkTi=G9ga5Rf+zhSrJhS7yyAnU81CyL29bOP_fGq8w@mail.gmail.com>
References: <90C41DD21FB7C64BB94121FBBC2E72343B3F35BE13@P3PW5EX1MB01.EX1.SECURESERVER.NET> <1283462840.3809.42.camel@localhost.localdomain> <90C41DD21FB7C64BB94121FBBC2E72343B3F35BE2D@P3PW5EX1MB01.EX1.SECURESERVER.NET> <AANLkTinvch2Xc+LzMzVjQGjMx0yXHKheR=93D5ExJhzC@mail.gmail.com> <1285104656.15179.12.camel@localhost.localdomain> <AANLkTi=3iCCDzbtuzHx7iD1qVTGadiPMnBNpHuVyuC-b@mail.gmail.com> <90C41DD21FB7C64BB94121FBBC2E72343D45D7F94F@P3PW5EX1MB01.EX1.SECURESERVER.NET> <AANLkTi=bK6oVTs+fBdpNqD0KU+1XU5wM++W2zqs61DwS@mail.gmail.com> <AANLkTi=G9ga5Rf+zhSrJhS7yyAnU81CyL29bOP_fGq8w@mail.gmail.com>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Fri, 24 Sep 2010 08:09:49 -0600
Message-ID: <AANLkTikxsfVZVwjLV9SUu2n2A8MLy2+nVP_ptA18myvL@mail.gmail.com>
To: Marius Scurtescu <mscurtescu@google.com>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: "OAuth WG (oauth@ietf.org)" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Simpilfying use of assertions when requesting an access token
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Sep 2010 14:09:51 -0000

Yeah, that is true.  One of my reasons for bringing this up was in
consideration of proposing a similar simplification around client
authentication.  But clearly client authn and grants can and will be
presented together in the same request.  I was aware of the potential
for name conflicts but didn't really think it though to the point of
needing a registry.  I still think there's potential for the core spec
to be simplified, shortened and for grants and client authn to be more
consistent.  But perhaps the value of that is too much diminished by
requiring registry(s).  There's always name prefixes or name-spaces...
 but I'll drop it unless there's actual interest out there in pursuing
the ideas (which there doesn't seem to be).

On Thu, Sep 23, 2010 at 3:27 PM, Marius Scurtescu <mscurtescu@google.com> wrote:
>
> There could be conflicts with other extensions that send parameters
> alongside a grant request, no?
>
> Marius
>

v2.23.0 | Report a Bug | By Email