Re: [OAUTH-WG] Delegation -- RE: SAML profile comments/questions from the SAML people

Igor Faynberg <igor.faynberg@alcatel-lucent.com> Tue, 07 September 2010 20:36 UTC

Message-ID: <4C86A248.20501@alcatel-lucent.com>
Date: Tue, 07 Sep 2010 16:36:24 -0400
From: Igor Faynberg <igor.faynberg@alcatel-lucent.com>
Organization: Alcatel-Lucent
To: Thomas Hardjono <hardjono@MIT.EDU>, "Zeltsan, Zachary" <Zachary.Zeltsan@alcatel-lucent.com>
Cc: oauth <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Delegation -- RE: SAML profile comments/questions from the SAML people

Thomas,

It looks to me like the intention in this use case is similar to that of 
the "multilegged OAuth" (later renamed to the politically-correct 
"recursive delegation"). This use case has been published in Bart's and 
Zachary's draft, which has expired now. This case has moved into the 
overall use case compilation document.

Zachary, maybe you could shed some light here?

Igor

Thomas Hardjono wrote:
> __________________________________________
>
>   
>> -...
>
> What I meant to say is that User#1/Client#1 asks for 
> an access token (to a given resource) with the
> intention of later handing over the access-token to 
> a different User#2/Client#2.
>
> Ideally, this model could be extensible where
> User#2/Client#2 asks the Auth Server to "swap" (re-issue)
> this token for a different client_id (User#3/Client#3).
>
> However, this brings us into the space of role-based access
> control and permissions, which would somewhat complicate
> the OAuth 2.0 authorization model :)
>
> /thomas/
>
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
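The hand-over and "swap" (re-issue) model described in the quoted message, as an added Python sketch that is not part of this thread or of any OAuth draft. The assumed policy is the one a resource owner would want: a swap voids the original token, inherits its expiry, never widens scope, caps the chain depth, and records each previous holder in a `chain` claim so the authorization server (and a resource server via introspection) can see who delegated to whom. `MAX_DEPTH`, the claim names, and the HMAC token format are assumptions.

```python
import hashlib, hmac, json, secrets, time

MAX_DEPTH = 3  # assumed policy: at most three hand-overs per original grant


# Constructed toy authorization server: HMAC-signed tokens that can be
# re-issued ("swapped") to another client_id, with the delegation chain recorded.
class AuthServer:
    def __init__(self):
        self._key = secrets.token_bytes(32)  # server-side signing key
        self._swapped = set()                # jti of tokens already consumed by a swap

    def _sign(self, payload):
        body = json.dumps(payload, sort_keys=True).encode()
        return body.hex() + "." + hmac.new(self._key, body, hashlib.sha256).hexdigest()

    def verify(self, token):
        # Introspection: signature, expiry, and "not already handed over".
        body_hex, tag = token.split(".")
        body = bytes.fromhex(body_hex)
        if not hmac.compare_digest(hmac.new(self._key, body, hashlib.sha256).hexdigest(), tag):
            raise ValueError("bad signature")
        payload = json.loads(body)
        if payload["jti"] in self._swapped:
            raise ValueError("token was re-issued to another client; original is void")
        if payload["exp"] < time.time():
            raise ValueError("expired")
        return payload

    def issue(self, user, client_id, resource, scope, ttl=3600):
        return self._sign({"jti": secrets.token_hex(8), "sub": user, "client_id": client_id,
                           "aud": resource, "scope": sorted(scope), "chain": [],
                           "exp": time.time() + ttl})

    def swap(self, token, new_client_id, scope=None):
        # Re-issue: scope may only shrink, expiry is inherited, depth is capped,
        # and the previous holder is appended to the delegation chain.
        old = self.verify(token)
        if len(old["chain"]) >= MAX_DEPTH:
            raise PermissionError("delegation depth exceeded")
        new_scope = set(old["scope"]) if scope is None else set(scope)
        if not new_scope <= set(old["scope"]):
            raise PermissionError("scope cannot grow on re-issue")
        self._swapped.add(old["jti"])  # the handed-over token becomes single-use
        return self._sign(dict(old, jti=secrets.token_hex(8), client_id=new_client_id,
                               scope=sorted(new_scope), chain=old["chain"] + [old["client_id"]]))


def rejected(fn, *args):
    # Returns the rejection reason if fn(*args) raises, else None.
    try:
        fn(*args)
    except (ValueError, PermissionError) as exc:
        return str(exc)
```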