Re: [OAUTH-WG] Device profile usage
Vincent Tsang <vincetsang@gmail.com> Sat, 01 June 2013 11:33 UTC
To: Todd W Lainhart <lainhart@us.ibm.com>
Cc: "oauth@ietf.org" <oauth@ietf.org>, "oauth-bounces@ietf.org" <oauth-bounces@ietf.org>

Thanks everyone for the helpful suggestions - special thanks to Justin for the detailed description.
I now agree the authorization code flow is applicable to our use case and seems 6d in Justin's response is a good way to go.

Cheers,
Vincent

On Thu, May 30, 2013 at 1:27 AM, Todd W Lainhart <lainhart@us.ibm.com> wrote:

>
> The same user could run the app on multiple computers and I want to distinguish each running instance, so I think it's the app?
>
> I asked, because I wondered if the client credentials flow or the auth code flow was the more appropriate flow. It sounds like you want to identify both the client and the user, but it's unclear if it's required that the client authenticate. Also, I can't tell from your use case if OAuth is the appropriate solution.
>
> If it is the right solution, Justin's response sounds like the way to go.
>
> Todd Lainhart
> Rational software
> IBM Corporation
> 550 King Street, Littleton, MA 01460-1250
> 1-978-899-4705
> 2-276-4705 (T/L)
> lainhart@us.ibm.com
>
> From: Vincent Tsang <vincetsang@gmail.com>
> To: Todd W Lainhart/Lexington/IBM@IBMUS,
> Cc: "oauth@ietf.org" <oauth@ietf.org>, "oauth-bounces@ietf.org" <oauth-bounces@ietf.org>, Nat Sakimura <sakimura@gmail.com>
> Date: 05/29/2013 10:29 AM
> Subject: Re: Device profile usage
> ------------------------------
>
> The same user could run the app on multiple computers and I want to distinguish each running instance, so I think it's the app?
>
> Thanks.
> Vincent
>
> On Wednesday, May 29, 2013, Todd W Lainhart wrote:
> On behalf of what will the access token be granted - the app (e.g. Word), or the user running the app?
>
> Todd Lainhart
> Rational software
> IBM Corporation
> 550 King Street, Littleton, MA 01460-1250
> 1-978-899-4705
> 2-276-4705 (T/L)
> lainhart@us.ibm.com
>
> From: Vincent Tsang <vincetsang@gmail.com>
> To: Nat Sakimura <sakimura@gmail.com>,
> Cc: "oauth@ietf.org" <oauth@ietf.org>
> Date: 05/29/2013 12:31 AM
> Subject: Re: [OAUTH-WG] Device profile usage
> Sent by: oauth-bounces@ietf.org
> ------------------------------
>
> The client is a native Windows application, for instance, a document editor like MS Word.
> The editor can upload copies to the cloud (e.g. Amazon S3), then record the version history and notes associated with each cloud copy to our cloud service via our cloud application API (to be secured by OAuth access tokens).
> I think it's similar to the case with a media player application (like VLC/Windows Media Player) that sends playlist/history info to the cloud via some cloud application API.
> I'm just not sure which of the 4 scenarios described in the OAuth spec could fit in here...
>
> Thanks.
> Vincent
>
> On Wed, May 29, 2013 at 11:38 AM, Nat Sakimura <sakimura@gmail.com> wrote:
> A little more application and user context would help.
> A use case, so to speak.
>
> Nat
>
> On 2013/05/29 12:04, Vincent Tsang <vincetsang@gmail.com> wrote:
>
> > Hi Hannes,
> >
> > Thanks for your reply.
> > Actually I am new to OAuth and am simply trying to search for the best industrial practice for granting access tokens when the client to our application API is a simple Windows application, which in most cases runs on PCs with web browser installed.
> > Therefore the scenario doesn't quite match what is described in the document, as the user doesn't need a separate machine to perform the verification; it's just that the client application doesn't have internet browsing capability itself (in this sense it's similar to the "device" described in this document, though not quite) and so user needs to launch a separate browser application.
> > I ended up on this device profile spec just because it seems to match closer to our scenario when compared to the 4 cases described in the OAuth 2 spec, but it could be the case that I didn't understand it fully.
> > Maybe I should rephrase my question: could someone please advise what should be the best practice for granting OAuth tokens to clients which are native Windows applications?
> >
> > Thanks.
> > Vincent
> >
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth