Re: [OAUTH-WG] Client cannot specify the token type it needs

zhou.sujing@zte.com.cn Mon, 21 January 2013 07:14 UTC

William Mills <wmills_92105@yahoo.com> wrote on 2013-01-21 13:44:45:

> Not a problem for the client to request a type, but it may not get it.
I don't object to the client requesting a type, but I think it is meaningful only 
when the requested type is specified by an RS,
and the client just relays that request to the AS.

> 
> From: "zhou.sujing@zte.com.cn" <zhou.sujing@zte.com.cn>
> To: Prabath Siriwardena <prabath@wso2.com> 
> Cc: "oauth@ietf.org WG" <oauth@ietf.org>; William Mills 
> <wmills_92105@yahoo.com> 
> Sent: Sunday, January 20, 2013 9:38 PM
> Subject: Re: Re: Re: [OAUTH-WG] Client cannot specify the token type it needs
> 
> 
> Well, if RS could specify token type, then Client could transfer it to AS, 
> I think, but it is not a good idea for client itself to specify the 
> token type. 
> 
> 
> Prabath Siriwardena <prabath@wso2.com> wrote on 2013-01-21 13:29:05:
> 
> > Think about a distributed setup. You have single Authorization 
> > Server and multiple Resource Servers. 
> > 
> > Although OAuth nicely decouples AS from RS - AFAIK there is no 
> > standard established for communication between AS and RS - how to 
> > declare metadata between those. 
> > 
> > Also there can be Resource Servers which support multiple token 
> > types. It could vary on APIs hosted in a given RS. 
> > 
> > Thanks & regards, 
> > -Prabath 
> > 
> > On Mon, Jan 21, 2013 at 10:48 AM, <zhou.sujing@zte.com.cn> wrote: 
> > 
> > The token type should be decided by resource server, which consumes 
> > access token. 
> > Client just re-tells the requested token type to AS. 
> > Client should not specify the token type. 
> > 
> > 
> > oauth-bounces@ietf.org wrote on 2013-01-21 13:08:39: 
> > 
> > 
> > > This is true.  It's possible for the AS to vary its behavior on 
> > > scope name, but it's presumed the AS and RS have an agreement of 
> > > what token type is in play.  Likely a good extension to the spec. 
> > 
> > > 
> > > From: Prabath Siriwardena <prabath@wso2.com>
> > > To: "oauth@ietf.org WG" <oauth@ietf.org> 
> > > Sent: Sunday, January 20, 2013 7:28 PM
> > > Subject: [OAUTH-WG] Client cannot specify the token type it needs 
> > 
> > > 
> > > Although token type is extensible according to the OAuth core 
> > > specification - it is fully governed by the Authorization Server. 
> > > 
> > > There can be a case where a single AS supports multiple token types 
> > > based on client request. 
> > > 
> > > But currently we don't have a way the client can specify (or at 
> > > least suggest) which token type it needs in the OAuth access 
> > > token request?
> > > 
> > > Is this behavior intentional? Or am I missing something... 
> > > 
> > > Thanks & Regards,
> > > Prabath 
> > > 
> > > Mobile : +94 71 809 6732 
> > > 
> > > http://blog.facilelogin.com
> > > http://RampartFAQ.com 
> > > 
> > > _______________________________________________
> > > OAuth mailing list
> > > OAuth@ietf.org
> > > https://www.ietf.org/mailman/listinfo/oauth
> > > 
> > 
> 
> > 
> > -- 
> > Thanks & Regards,
> > Prabath 
> > 
> > Mobile : +94 71 809 6732 
> > 
> > http://blog.facilelogin.com
> > http://RampartFAQ.com 
>
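
The point that a client "may not get" the type it wants, as an added example that is not part of this thread: a client-side check of the `token_type` field in an RFC 6749 section 5.1 token response before the token is used. The set of types the client supports and the set the resource server accepts are assumptions here (the thread notes no standard way to learn the latter), and the sample responses are constructed.

```python
import json

# Token types this client can present to a resource server (assumed set).
CLIENT_SUPPORTED = {"bearer", "mac"}


class UnsupportedTokenType(Exception):
    """The AS issued a token type the client or the target RS cannot use."""


def accept_token_response(body, rs_accepted):
    """Validate a token response and return the usable token.

    body        -- JSON text of the AS token response (RFC 6749 section 5.1)
    rs_accepted -- token types the target RS takes, learned out of band
                   (assumption: RFC 6749 defines no AS/RS metadata channel)
    """
    resp = json.loads(body)
    if not isinstance(resp, dict):
        raise ValueError("token response is not a JSON object")
    for field in ("access_token", "token_type"):
        value = resp.get(field)
        if not isinstance(value, str) or not value:
            raise ValueError("token response missing " + field)

    # token_type values are case-insensitive, so compare in lower case.
    issued = resp["token_type"].lower()

    # RFC 6749 section 7.1: a client must not use a token whose type it
    # does not understand.
    if issued not in CLIENT_SUPPORTED:
        raise UnsupportedTokenType("client cannot use type " + issued)

    # The AS chose the type on its own; confirm the RS will take it.
    if issued not in {t.lower() for t in rs_accepted}:
        raise UnsupportedTokenType("resource server does not accept " + issued)

    return {"access_token": resp["access_token"], "token_type": issued}


if __name__ == "__main__":
    # Constructed sample response.
    sample = '{"access_token": "abc", "token_type": "Bearer", "expires_in": 3600}'
    print(accept_token_response(sample, {"Bearer"}))
```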