[OAUTH-WG] Motivation for OAuth 2.0 Dynamic Client Registration Protocol

Adam Lewis <adam.lewis@motorolasolutions.com> Wed, 11 March 2015 05:26 UTC

Return-Path: <adam.lewis@motorolasolutions.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 620F61A01D5 for <oauth@ietfa.amsl.com>; Tue, 10 Mar 2015 22:26:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.943
X-Spam-Status: No, score=-0.943 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, IP_NOT_FRIENDLY=0.334] autolearn=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id 4wbCdRMaDDUJ for <oauth@ietfa.amsl.com>; Tue, 10 Mar 2015 22:26:52 -0700 (PDT)
Received: from mx0b-0019e102.pphosted.com (mx0b-0019e102.pphosted.com []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6C2221A0121 for <oauth@ietf.org>; Tue, 10 Mar 2015 22:26:52 -0700 (PDT)
Received: from pps.filterd (m0074419.ppops.net []) by mx0b-0019e102.pphosted.com (8.14.7/8.14.7) with SMTP id t2B5OuDK002764 for <oauth@ietf.org>; Wed, 11 Mar 2015 00:26:51 -0500
Received: from mail-qc0-f174.google.com (mail-qc0-f174.google.com []) by mx0b-0019e102.pphosted.com with ESMTP id 1t2eetg1nr-1 (version=TLSv1/SSLv3 cipher=AES128-GCM-SHA256 bits=128 verify=NOT) for <oauth@ietf.org>; Wed, 11 Mar 2015 00:26:51 -0500
Received: by qcwr17 with SMTP id r17so7779047qcw.2 for <oauth@ietf.org>; Tue, 10 Mar 2015 22:26:50 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to :content-type; bh=6SlrvFGDYiJYUV3v6PxFfcz71Srt3wRQ0bmQAIdOw7I=; b=FvsUcVusY0ohlc03FRaNha6AxP6WeqhPiahqcVeG7JE1wqOZrOYkNlzOGIi1uKLiIK a34JY97lmokTTAclAqj2qaFS4gcSGHInJoEO4S14MZKASIZtz0ruJ6LOqYDGCsZl2+RN 98nyamd8mRHeeHgRG3IezgUr4+0Gs+81v/QqxvWjYJAK0eS9TL7gHhwkuDHFMhhke4X+ 1bLywue+O242izyVPYJxlHNWc/sD53fy84mIoIehbA+usMcwp2agHZ4AYgLJP+niW/ap FQOOyl8yng/Z/yVi+13CFcdQKuL46Y77e701bJa7b5NC4mhLUkiLqko2JwpFEcwP0uuP MLDQ==
X-Gm-Message-State: ALoCoQnRkJ4RT0V0uqq8xRj4h0P1+hWqxLP/F58lpa6p3EEVEHUiClDTT5pNPVBWe6H7M8oKzEnzBIeUIbAWwguYIubCc/7cfXXjmleX4Dkwpl6DJkYo1Qw=
X-Received: by with SMTP id q32mr54407625qkq.68.1426051610988; Tue, 10 Mar 2015 22:26:50 -0700 (PDT)
MIME-Version: 1.0
X-Received: by with SMTP id q32mr54407614qkq.68.1426051610901; Tue, 10 Mar 2015 22:26:50 -0700 (PDT)
Received: by with HTTP; Tue, 10 Mar 2015 22:26:50 -0700 (PDT)
Date: Wed, 11 Mar 2015 00:26:50 -0500
Message-ID: <CAOahYUx8zGRy7f7ZisRh8=tco1LYFKHxcy1iwKX8hfqt+3EfzQ@mail.gmail.com>
From: Adam Lewis <adam.lewis@motorolasolutions.com>
To: oauth@ietf.org
Content-Type: multipart/alternative; boundary=001a11494136b314780510fc83eb
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 kscore.is_bulkscore=5.37785371790278e-11 kscore.compositescore=0 circleOfTrustscore=0 compositescore=0.640908082233313 suspectscore=3 recipient_domain_to_sender_totalscore=0 phishscore=0 bulkscore=0 kscore.is_spamscore=0 rbsscore=0.640908082233313 recipient_to_sender_totalscore=0 recipient_domain_to_sender_domain_totalscore=0 spamscore=0 recipient_to_sender_domain_totalscore=0 urlsuspectscore=0.640908082233313 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=7.0.1-1402240000 definitions=main-1503110060
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/hlsx1BCNOzFwEX16wGUtBh_wfug>
Subject: [OAUTH-WG] Motivation for OAuth 2.0 Dynamic Client Registration Protocol
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Mar 2015 05:26:54 -0000


I am curious about the use cases that inspired this draft, as the
terminology that is defined within fits like a glove a use case that I
have, though the draft doesn't solve it it completely.

Namely the use case as I have is for the "client developer" to be able to
create a developer account with the "software API publisher" via  developer
portal, and to then make their client available for download on an app
store (e.g. Google Play), where it would be downloaded by a "deployment
organization" and finally run the client registration protocol.  This fits
our use case 90%, but we have a further use case that the "software API
deployment" is able to identify the "client developer" of the application
when executing in a "deployment organization."

I'm curious if that last part was ever identified as a use case for the