Re: [OAUTH-WG] Issue: Scope parameter
Justin Richer <jricher@mitre.org> Mon, 19 April 2010 16:14 UTC
Return-Path: <jricher@mitre.org>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7F82E28C271 for <oauth@core3.amsl.com>; Mon, 19 Apr 2010 09:14:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.554
X-Spam-Level:
X-Spam-Status: No, score=-4.554 tagged_above=-999 required=5 tests=[AWL=0.556, BAYES_05=-1.11, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LJDEaaWPHJDq for <oauth@core3.amsl.com>; Mon, 19 Apr 2010 09:14:15 -0700 (PDT)
Received: from smtp-bedford.mitre.org (smtp-bedford.mitre.org [129.83.20.191]) by core3.amsl.com (Postfix) with ESMTP id 4A50F28C293 for <oauth@ietf.org>; Mon, 19 Apr 2010 08:54:25 -0700 (PDT)
Received: from smtp-bedford.mitre.org (localhost.localdomain [127.0.0.1]) by smtp-bedford.mitre.org (8.13.1/8.13.1) with ESMTP id o3JFsGjn022596 for <oauth@ietf.org>; Mon, 19 Apr 2010 11:54:16 -0400
Received: from imchub2.MITRE.ORG (imchub2.mitre.org [129.83.29.74]) by smtp-bedford.mitre.org (8.13.1/8.13.1) with ESMTP id o3JFsGVK022590; Mon, 19 Apr 2010 11:54:16 -0400
Received: from [129.83.50.65] (129.83.50.65) by imchub2.MITRE.ORG (129.83.29.74) with Microsoft SMTP Server id 8.2.213.0; Mon, 19 Apr 2010 11:54:16 -0400
From: Justin Richer <jricher@mitre.org>
To: Torsten Lodderstedt <torsten@lodderstedt.net>
In-Reply-To: <20100419150338.19825npsatjgfesk@webmail.df.eu>
References: <C7ECB1F7.32357%eran@hueniverse.com> <h2l987bab591004181812ve43197f9la55f59b753bd2959@mail.gmail.com> <o2wfd6741651004181838ob1dda59bpf7cb88d3b1892c1d@mail.gmail.com> <1676FB17-48B2-4125-991C-CE996C4DE66B@gmail.com> <g2sfd6741651004181904q2f242fcexf2f7892c9b512068@mail.gmail.com> <z2o74caaad21004182112he72e1a33i4397e2d5333a0c13@mail.gmail.com> <2513A610118CC14C8E622C376C8DEC93D54D66DDF6@SC-MBXC1.TheFacebook.com> <20100419150338.19825npsatjgfesk@webmail.df.eu>
Content-Type: text/plain; charset="UTF-8"
Date: Mon, 19 Apr 2010 11:54:15 -0400
Message-ID: <1271692455.12101.39.camel@localhost.localdomain>
MIME-Version: 1.0
X-Mailer: Evolution 2.28.1
Content-Transfer-Encoding: 7bit
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Issue: Scope parameter
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Apr 2010 16:14:35 -0000
+1 to the "Device" idea. About a year ago I brought up the idea of having an instance identifier as an OAuth extension, but that never got traction and I dropped the thread. -- justin On Mon, 2010-04-19 at 09:03 -0400, Torsten Lodderstedt wrote: > +1 to #1 (as starting point) > > In my opinion, the WG should try to work towards #2. Would it be > possible to first collect what kind of "scope" implementations use > today and what ideas exists? > > Based on our experiences with implementing OAuth 1.0a at Deutsche > Telekom, I see the following aspects: > > - resource: specification of the protected resource to be accessed. An > example could be: "http://www.example.de/photos/" or just "photos". > > This is a more conceptual view that can be understood by users > (relevant for user consent), whereas the service id is a more > technical view. > > - service id: identifier of a web service exposing certain functions > to access/manipulate resources on a particular channel using a > particular technology (Rest, SOAP, ...). > Examples could be: "photos-rest-proxy-iptv", "photos-soap-intf-mobile". > > Different services may need different user data, thus content of > self-contained tokens typically varies between service id's. > > - permissions: permissions on resources or services the client wants > to get authorized by the user (comma-separated list of opaque > strings). The range of permissions is defined by the resource/service > as part of its API design. This could be something like "upload", > "download", "sent", or "establish connection". > > - duration: specification of the token duration the client asks for > > - device: the device the OAuth clients resides on. This allows to have > different tokens for the same client (application) on different > devices and is intended to reduce the impact of token theft. The token > is bound to a particular device during user authz flow and usage of > the token is restricted to that device only (typically mobile/smart > phones, but also set top boxes, tv sets, gaming consoles). > > regards, > Torsten. > > Zitat von Luke Shepard <lshepard@facebook.com>: > > > David Recordon <recordond@gmail.com> wrote: > >>> Does anyone have an implementation example where comma separated > >>> strings wouldn't work for the scope parameter? > > > > Marius wrote: > >> Yes, Google currently is using a space separated list of URIs. > >> Why does the format matter? > > > > I agree. Facebook uses comma-separate strings, Google uses > > space-separated URLs- why is this a problem? > > > > It seems we have three options: > > > > 1/ We leave the scope parameter as an Auth Server-specific, opaque parameter. > > 2/ We all agree on a format and spec for the scope parameter. > > 3/ We drop the scope parameter and make each server define their > > own, non-standard scope param. > > > > I think David proposed #2 as a way to address concerns on this list > > that #1 would be a hindrance to interop. But I personally vote for > > #1 now - we would add a spec later if it proves to be a problem. > > > > _______________________________________________ > > OAuth mailing list > > OAuth@ietf.org > > https://www.ietf.org/mailman/listinfo/oauth > > > > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] Issue: Scope parameter Eran Hammer-Lahav
- Re: [OAUTH-WG] Issue: Scope parameter Marius Scurtescu
- Re: [OAUTH-WG] Issue: Scope parameter David Recordon
- Re: [OAUTH-WG] Issue: Scope parameter Eran Hammer-Lahav
- Re: [OAUTH-WG] Issue: Scope parameter Marius Scurtescu
- Re: [OAUTH-WG] Issue: Scope parameter Eran Hammer-Lahav
- Re: [OAUTH-WG] Issue: Scope parameter David Recordon
- Re: [OAUTH-WG] Issue: Scope parameter Justin Smith
- Re: [OAUTH-WG] Issue: Scope parameter Manger, James H
- Re: [OAUTH-WG] Issue: Scope parameter Justin Smith
- Re: [OAUTH-WG] Issue: Scope parameter Manger, James H
- Re: [OAUTH-WG] Issue: Scope parameter Justin Smith
- Re: [OAUTH-WG] Issue: Scope parameter Marius Scurtescu
- Re: [OAUTH-WG] Issue: Scope parameter Manger, James H
- Re: [OAUTH-WG] Issue: Scope parameter Mark Mcgloin
- Re: [OAUTH-WG] Issue: Scope parameter Manger, James H
- Re: [OAUTH-WG] Issue: Scope parameter Justin Smith
- Re: [OAUTH-WG] Issue: Scope parameter Eran Hammer-Lahav
- Re: [OAUTH-WG] Issue: Scope parameter Torsten Lodderstedt
- Re: [OAUTH-WG] Issue: Scope parameter Dick Hardt
- Re: [OAUTH-WG] Issue: Scope parameter Manger, James H
- Re: [OAUTH-WG] Issue: Scope parameter Torsten Lodderstedt
- Re: [OAUTH-WG] Issue: Scope parameter David Recordon
- Re: [OAUTH-WG] Issue: Scope parameter Dick Hardt
- Re: [OAUTH-WG] Issue: Scope parameter David Recordon
- Re: [OAUTH-WG] Issue: Scope parameter Marius Scurtescu
- Re: [OAUTH-WG] Issue: Scope parameter Luke Shepard
- Re: [OAUTH-WG] Issue: Scope parameter Eran Hammer-Lahav
- Re: [OAUTH-WG] Issue: Scope parameter Dick Hardt
- Re: [OAUTH-WG] Issue: Scope parameter Dick Hardt
- Re: [OAUTH-WG] Issue: Scope parameter Eran Hammer-Lahav
- Re: [OAUTH-WG] Issue: Scope parameter Anthony Nadalin
- Re: [OAUTH-WG] Issue: Scope parameter Torsten Lodderstedt
- Re: [OAUTH-WG] Issue: Scope parameter Eran Hammer-Lahav
- Re: [OAUTH-WG] Issue: Scope parameter Evan Gilbert
- Re: [OAUTH-WG] Issue: Scope parameter Justin Richer
- Re: [OAUTH-WG] Issue: Scope parameter Eran Hammer-Lahav