Re: [OAUTH-WG] SSO scenario

Justin Karneges <justin@affinix.com> Wed, 31 August 2011 21:13 UTC

From: Justin Karneges <justin@affinix.com>
To: George Fletcher <gffletch@aol.com>
Date: Wed, 31 Aug 2011 14:15:01 -0700

On Wednesday, August 31, 2011 02:05:58 PM George Fletcher wrote:
> You could also use a signed JWT returned by the resource owner (web
> site) to be presented to the resource server (widget provider) that the
> resource server can validate (e.g. verify the signature). The JWT can
> contain scopes, expiry time, etc. as needed. If the widget provider needs
> to access services at the resource owner, the JWT can contain an
> appropriate access_token for the user.

Interesting, I was not aware of JSON Web Tokens until now. Is there a
relationship to OAuth? Are they at odds, or do they serve different purposes?

Justin