Re: [OAUTH-WG] RAR & multiple resources?

Justin Richer <jricher@mit.edu> Tue, 14 January 2020 02:20 UTC

From: Justin Richer <jricher@mit.edu>
Date: Mon, 13 Jan 2020 21:20:06 -0500
Cc: Torsten Lodderstedt <torsten@lodderstedt.net>, Brian Campbell <bcampbell@pingidentity.com>, oauth@ietf.org
To: Dick Hardt <dick.hardt@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/gao6Ii472SrV9UE48EDczCiDfQo>

Multiple access tokens are outside the scope of RAR. The request is intended to describe the access for a single returned access token. If semantics for multiple access tokens are agreed upon, then it can use the RAR structure, the Resources parameter, and the Scope parameter all in parallel again.

 — Justin

> On Jan 13, 2020, at 8:31 PM, Dick Hardt <dick.hardt@gmail.com> wrote:
> 
> Torsten / Justin / Brian
> 
> In my reading of the ID, it appears that there is a request for just one access token, and the authorization_details array lists one or more resources that the one access token will provide access to. Correct?
> 
> I have heard anecdotally that there is interest in granting access to multiple resources, and having multiple access tokens, which would enable different components of a client to have different access tokens. 
> 
> Do you consider multiple access tokens out of scope of RAR?
> 
> /Dick