Re: [OAUTH-WG] OAuth Token Swap (token chaining)

Bill Burke <bburke@redhat.com> Tue, 24 March 2015 13:42 UTC

Message-ID: <551169B2.5020104@redhat.com>
Date: Tue, 24 Mar 2015 09:42:10 -0400
From: Bill Burke <bburke@redhat.com>
To: oauth@ietf.org
References: <0C7C1508-DA58-4832-B755-F8BA1F153894@mit.edu> <CA+k3eCTW_hgw_T4JNpJ8mgAo5oOW7BPMZ7DgJoB8Cvye6x7iwg@mail.gmail.com>
In-Reply-To: <CA+k3eCTW_hgw_T4JNpJ8mgAo5oOW7BPMZ7DgJoB8Cvye6x7iwg@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/j4en-YlqYRpi9v64BaVnijHs1GM>
Subject: Re: [OAUTH-WG] OAuth Token Swap (token chaining)

On 3/24/2015 8:55 AM, Brian Campbell wrote:
> And here's the somewhat different take on token exchange that I
> mentioned yesterday:
> https://tools.ietf.org/html/draft-campbell-oauth-sts-01
>

I'm unclear how your STS would work.  Is your client required to go 
through the whole OAuth process to obtain an access token on behalf of 
the user before it can invoke on the STS?  Or can it be granted tokens 
for any user out of band without user consent or user authorization?


-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
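As an added illustration of the distinction this reply draws (not code from draft-campbell-oauth-sts, from Keycloak, or from anyone on the thread): a toy token-exchange endpoint that will only chain a token the authorization server itself issued through a user-authorized OAuth flow, and that refuses a request which merely names the user out of band. Parameter and error names follow the token-exchange grant that this line of drafts later became (RFC 8693); that draft-01 used the same names is an assumption. The in-memory token store, the client registry, the `ExchangeError` type and the `try_exchange` wrapper are constructed for the example.

```python
"""Toy OAuth token-exchange (STS) endpoint illustrating the two alternatives
the reply asks about.  Added example, not code from the draft or any product.
Parameter names follow the token-exchange grant (later RFC 8693); that
draft-01 used the same names is an assumption.  All data is constructed."""
import secrets
import time

TOKEN_EXCHANGE_GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"
ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token"

# Constructed state: tokens this authorization server already issued through a
# normal, user-consented OAuth flow (alice authorized client app1).
ISSUED_TOKENS = {
    "at-alice-app1": {
        "sub": "alice", "client_id": "app1", "aud": "app1",
        "scope": {"read", "write"}, "exp": time.time() + 3600,
    },
}

# Constructed client registry: which downstream audiences each client may chain
# a user token towards.  Nothing here lets a client simply name a user.
CLIENTS = {
    "app1": {"may_exchange_to": {"backend-api"}},
    "app2": {"may_exchange_to": {"backend-api"}},
}


class ExchangeError(Exception):
    """Maps to an OAuth error response: (error, error_description)."""

    def __init__(self, error, description):
        super().__init__(f"{error}: {description}")
        self.error = error
        self.description = description


def token_exchange(form, authenticated_client_id, now=None):
    """Handle one exchange request from an already-authenticated client.
    Returns the token response dict or raises ExchangeError."""
    now = time.time() if now is None else now
    if form.get("grant_type") != TOKEN_EXCHANGE_GRANT:
        raise ExchangeError("unsupported_grant_type", "expected token-exchange")

    # Out-of-band path: the client names a user but presents no token proving
    # the user authorized it.  Refused, so the STS never mints tokens for
    # arbitrary users on a client's say-so.
    if "subject_token" not in form:
        raise ExchangeError("invalid_request", "subject_token is required")
    if form.get("subject_token_type") != ACCESS_TOKEN_TYPE:
        raise ExchangeError("invalid_request", "unsupported subject_token_type")

    subject = ISSUED_TOKENS.get(form["subject_token"])
    if subject is None or subject["exp"] <= now:
        raise ExchangeError("invalid_grant", "subject_token unknown or expired")

    # The chain must start from the client's own user-authorized token; one
    # client cannot exchange a token that was issued to another client.
    if subject["client_id"] != authenticated_client_id:
        raise ExchangeError("invalid_grant", "subject_token not issued to this client")

    audience = form.get("audience")
    allowed = CLIENTS.get(authenticated_client_id, {}).get("may_exchange_to", set())
    if audience not in allowed:
        raise ExchangeError("invalid_target", "client may not exchange for this audience")

    # Scope may narrow on exchange, never widen.
    requested_scope = set(form.get("scope", "").split()) or set(subject["scope"])
    if not requested_scope <= subject["scope"]:
        raise ExchangeError("invalid_scope", "exchange cannot widen scope")

    exp = min(subject["exp"], now + 300)  # chained token never outlives its parent
    new_token = secrets.token_urlsafe(24)
    ISSUED_TOKENS[new_token] = {
        "sub": subject["sub"], "client_id": authenticated_client_id,
        "aud": audience, "scope": requested_scope, "exp": exp,
        "act": {"client_id": authenticated_client_id},  # who acted for sub
    }
    return {"access_token": new_token, "issued_token_type": ACCESS_TOKEN_TYPE,
            "token_type": "Bearer", "expires_in": int(exp - now)}


def try_exchange(form, authenticated_client_id):
    """Convenience wrapper: ('ok', response) or ('error', oauth_error_code)."""
    try:
        return "ok", token_exchange(form, authenticated_client_id)
    except ExchangeError as e:
        return "error", e.error


if __name__ == "__main__":
    good = {"grant_type": TOKEN_EXCHANGE_GRANT, "subject_token": "at-alice-app1",
            "subject_token_type": ACCESS_TOKEN_TYPE,
            "audience": "backend-api", "scope": "read"}
    print(try_exchange(good, "app1"))   # user-authorized chain: ok
    print(try_exchange({"grant_type": TOKEN_EXCHANGE_GRANT, "subject": "alice",
                        "audience": "backend-api"}, "app1"))  # out of band: invalid_request
    print(try_exchange(good, "app2"))   # another client's token: invalid_grant
```

The point the wrapper makes concrete: in this design the only way to say "on whose behalf" is to present a token the user already consented to, so the answer to the first question is yes and to the second is no. A real STS would additionally bind the exchanged token to the downstream audience (the `aud` claim here) and record the delegation chain (`act`) so the backend can tell a chained token from a first-party one.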