[OAUTH-WG] Cross Platform Authentication - OAuth 2.0 Device Flow

"Barroco, Michael" <barroco@ebu.ch> Mon, 07 March 2016 08:44 UTC

Return-Path: <barroco@ebu.ch>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id AF07D1B37C4 for <oauth@ietfa.amsl.com>; Mon, 7 Mar 2016 00:44:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.502
X-Spam-Status: No, score=-1.502 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id z18fxrlIq-zR for <oauth@ietfa.amsl.com>; Mon, 7 Mar 2016 00:43:59 -0800 (PST)
Received: from mailgate4.ebu.ch (mailgate4.ebu.ch []) by ietfa.amsl.com (Postfix) with ESMTP id 316141B37C1 for <oauth@ietf.org>; Mon, 7 Mar 2016 00:43:58 -0800 (PST)
Received: from smtp2010.ebu.ch (HELO mailprd.gva.ebu.ch) ([]) by mailgate4.ebu.ch with ESMTP/TLS/AES128-SHA; 07 Mar 2016 09:43:56 +0100
Received: from MAILDRS.gva.ebu.ch ([]) by mailprd.gva.ebu.ch ([fe80::d915:3098:d72d:8897%18]) with mapi id 14.03.0266.001; Mon, 7 Mar 2016 09:43:56 +0100
From: "Barroco, Michael" <barroco@ebu.ch>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: Cross Platform Authentication - OAuth 2.0 Device Flow
Thread-Index: AdF4TUn5WIPc0D1oRLui+Bm5k9YcEw==
Date: Mon, 7 Mar 2016 08:43:56 +0000
Message-ID: <CC7B7F77D9F6E54BABF2A05AB03C1E7AF177FCD7@maildrs.gva.ebu.ch>
Accept-Language: en-US, fr-CH
Content-Language: en-US
x-originating-ip: []
MIME-Version: 1.0
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/iMZCgRB1YkOGH5UsvzUStHBA9hQ>
Cc: "tvp-cpa@list.ebu.ch" <tvp-cpa@list.ebu.ch>
Subject: [OAUTH-WG] Cross Platform Authentication - OAuth 2.0 Device Flow
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Mar 2016 08:44:02 -0000

Dear all,

We are contacting you because we noticed that you recently restarted the work on OAuth 2.0 Device Flow. We are in the process of publishing an ETSI standard [1] specifying a protocol with very similar goals. This has been developed by an EBU (European Broadcasting Union) working group involving broadcasters, such as BBC, SRG-RTS, VRT, RTVE, TVP, Global Radio UK, and device manufacturers.

Our work on the “Cross Platform Authentication” protocol targets media devices, such as connected TVs and radio receivers. It is based on the early OAuth 2.0 Device Flow draft, but includes additional features driven by broadcast industry requirements. These include: dynamic registration of clients, dynamic discovery of the authorization provider, and issuing of access tokens without requiring association with a user account in order to provide device-based authentication that does not require user sign-in or pairing. Our draft protocol specification is available here [2].

Cross Platform Authentication also specifies several aspects left open to implementers in OAuth 2.0, such as endpoint URL paths, to facilitate interoperability. Also note that reference implementations are available [3].

We would be very interested in working together with you to explain our design requirements and try to align our protocol designs.

With best regards,

The EBU Cross Platform Authentication group


[1] https://portal.etsi.org/webapp/WorkProgram/Report_WorkItem.asp?WKI_ID=47970

[2] https://tech.ebu.ch/docs/tech/tech3366.pdf

[3] https://tech.ebu.ch/code/cpa

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error, please notify the system manager. This footnote also confirms that this email message has been swept by the mailgateway