Re: [OAUTH-WG] 2 Leg with OAuth 2.0

William Mills <wmills@yahoo-inc.com> Tue, 29 November 2011 21:00 UTC


MAC would be more appropriate in my opinion for this.  



________________________________
 From: Eran Hammer-Lahav <eran@hueniverse.com>
To: Brian Hawkins <brian@lingotek.com>; "oauth@ietf.org" <oauth@ietf.org> 
Sent: Tuesday, November 29, 2011 12:38 PM
Subject: Re: [OAUTH-WG] 2 Leg with OAuth 2.0
 

Both MAC and Bearer work in this setup, just think of them as HMAC-SHA-1 and PLAINTEXT in OAuth 1.0. In Bearer, your token is the client secret and in MAC, the client secret is the key.
 
EHL
 
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Brian Hawkins
Sent: Tuesday, November 29, 2011 12:28 PM
To: oauth@ietf.org
Subject: Re: [OAUTH-WG] 2 Leg with OAuth 2.0
 
Maybe I'm making this harder than it should be.
 
Here is the situation:  Site A and B both trust each other.  Site A needs to update user information at site B.
 
With OAuth 1.0 Site A would use its consumer key and secret to sign the update call to Site B (no access token involved).  Only one message is sent.
 
The closest I can come to the above with OAuth 2.0 is to use the MAC token scheme and sign the request with the consumer secret.  Is that valid?  I kind of get the idea that the protocol doesn't care.
 
It feels like the bearer scheme just doesn't work for what I'm trying to do.
 
Thanks
 
Brian
On Tue, Nov 29, 2011 at 1:06 PM, Eran Hammer-Lahav <eran@hueniverse.com> wrote:
This functionality can be implemented in two main ways:
 
1. Using the client credentials flow to get an access token, then using the protocol as usual
2. Just using the Bearer (over SSL) or MAC token schemes without the rest of OAuth
 
EHL
 
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Brian Hawkins
Sent: Tuesday, November 29, 2011 11:49 AM
To: oauth@ietf.org
Subject: [OAUTH-WG] 2 Leg with OAuth 2.0
 
I'm having trouble finding information on how to do 2leg authentication with OAuth 2.0.  Does it even support it?
 
Thanks
Brian
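
An added example, not part of any message in this thread: a sketch of the two direct options discussed above for the Site A to Site B call, with the client secret used as the HMAC key (MAC-style) or sent as the token itself (Bearer-style). The base string layout, the SHA-256 choice, the client id `site-a`, the host and path, and all function names are assumptions for illustration, not the MAC token draft's wire format.

```python
import hashlib
import hmac
import time

CLIENTS = {"site-a": b"constructed-shared-secret"}  # constructed client id -> secret
MAX_SKEW = 300        # seconds a signed request stays acceptable
_seen_nonces = set()  # replay cache; a real service would expire old entries


def base_string(ts, nonce, method, host, path, body):
    """Assumed normalization of the request, not the MAC draft's format."""
    body_hash = hashlib.sha256(body).hexdigest()
    parts = [str(ts), nonce, method.upper(), host.lower(), path, body_hash]
    return "\n".join(parts).encode()


def sign(secret, ts, nonce, method, host, path, body):
    """Site A: the secret is only the HMAC key and is never transmitted."""
    msg = base_string(ts, nonce, method, host, path, body)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_mac(client_id, ts, nonce, mac, method, host, path, body, now=None):
    """Site B: recompute the MAC, then reject stale or replayed requests."""
    secret = CLIENTS.get(client_id)
    now = time.time() if now is None else now
    if secret is None or abs(now - ts) > MAX_SKEW:
        return False
    expected = sign(secret, ts, nonce, method, host, path, body)
    if not hmac.compare_digest(expected, mac):  # constant-time comparison
        return False
    if (client_id, nonce) in _seen_nonces:      # same signed request seen before
        return False
    _seen_nonces.add((client_id, nonce))
    return True


def verify_bearer(client_id, token):
    """Site B, Bearer variant: the secret itself is the token, so the
    request is bound to nothing and TLS is the only protection in transit."""
    secret = CLIENTS.get(client_id)
    return secret is not None and hmac.compare_digest(secret, token)
```

In the MAC-style check a captured request cannot be replayed or have its body altered, while the Bearer-style check accepts the same token on any request from anyone who holds it.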
 