Re: [OAUTH-WG] Client cannot specify the token type it needs

Eve Maler <eve@xmlgrrl.com> Wed, 23 January 2013 17:23 UTC

From: Eve Maler <eve@xmlgrrl.com>
Date: Wed, 23 Jan 2013 09:23:44 -0800
To: Prabath Siriwardena <prabath@wso2.com>
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Client cannot specify the token type it needs

FWIW, some of us have made a proposal for exactly this type of standardized AS/RS communication:

http://tools.ietf.org/html/draft-hardjono-oauth-resource-reg-00

The UMA profile refers normatively to this spec, and at that higher profile-specific level, it has an extensive set of AS configuration data that includes a way to declare token types supported. It could make sense for an RS to register its preferences for token types supported among those declared in the AS config data. Should this "preferred token type" semantic be sedimented down to the "draft-hardjono-oauth-resource-reg" level?

	Eve

On 20 Jan 2013, at 9:29 PM, Prabath Siriwardena <prabath@wso2.com> wrote:

> Think about a distributed setup. You have single Authorization Server and multiple Resource Servers.
> 
> Although OAuth nicely decouples AS from RS - AFAIK there is no standard established for communication between AS and RS - how to declare metadata between those.
> 
> Also there can be Resource Servers which support multiple token types. It could vary on APIs hosted in a given RS.
> 
> Thanks & regards,
> -Prabath
> 
> 
> On Mon, Jan 21, 2013 at 10:48 AM, <zhou.sujing@zte.com.cn> wrote:
> 
> The token type should be decided by resource server, which consumes access token. 
> Client just re-tell the requested token type to AS. 
> Client should not specify the token type. 
> 
> 
> oauth-bounces@ietf.org wrote on 2013-01-21 13:08:39:
> 
> 
> > This is true.  It's possible for the AS to vary its behavior on 
> > scope name, but it's presumed the AS and RS have an agreement of 
> > what token type is in play.  Likely a good extension to the spec.
> 
> > 
> > From: Prabath Siriwardena <prabath@wso2.com>
> > To: "oauth@ietf.org WG" <oauth@ietf.org> 
> > Sent: Sunday, January 20, 2013 7:28 PM
> > Subject: [OAUTH-WG] Client cannot specify the token type it needs
> 
> > 
> > Although token type is extensible according to the OAuth core 
> > specification - it is fully governed by the Authorization Server. 
> > 
> > There can be a case where a single AS supports multiple token types 
> > based on client request. 
> > 
> > But currently we don't have a way the client can specify (or at 
> > least suggest) which token type it needs in the OAuth access token request? 
> > 
> > Is this behavior intentional? Or am I missing something... 
> > 
> > Thanks & Regards,
> > Prabath 
> > 
> > Mobile : +94 71 809 6732 
> > 
> > http://blog.facilelogin.com
> > http://RampartFAQ.com 
> > 
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth
> > 
> 


Eve Maler                                  http://www.xmlgrrl.com/blog
+1 425 345 6756                         http://www.twitter.com/xmlgrrl
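The AS/RS agreement Eve sketches above (the AS declares the token types it supports, each RS registers its preferences among them, and the client's wish is at most a hint) as an added toy model; this is example code written for this page, not code from the thread, from UMA or from draft-hardjono-oauth-resource-reg, and the field names `token_types_supported` and `preferred_token_types` are assumptions.

```python
"""Added example, not from the thread or the referenced draft: a toy model of
token-type agreement between an AS, its registered resource servers (RSs) and
a client. Field names "token_types_supported" and "preferred_token_types" are
assumptions, not taken from any specification."""
from dataclasses import dataclass

# Constructed sample AS configuration data declaring the token types it can issue.
AS_CONFIG = {"token_types_supported": ["bearer", "mac", "jwt"]}

@dataclass
class ResourceServer:
    name: str
    scopes: set                   # scopes this RS enforces
    preferred_token_types: list   # ordered, most preferred first

class TokenTypeNegotiator:
    def __init__(self, as_config):
        self.supported = list(as_config["token_types_supported"])
        self.registry = {}        # rs name -> ResourceServer, in registration order

    def register(self, rs):
        # An RS may only prefer types the AS declared; rejecting others here makes
        # an AS/RS mismatch surface at registration rather than at token issuance.
        unknown = [t for t in rs.preferred_token_types if t not in self.supported]
        if unknown:
            raise ValueError(f"{rs.name}: unsupported token type(s) {unknown}")
        self.registry[rs.name] = rs

    def select(self, scopes, client_hint=None):
        # The RSs that will consume the token are those whose scopes are requested.
        consumers = [rs for rs in self.registry.values() if rs.scopes & set(scopes)]
        if not consumers:
            raise ValueError("no registered RS serves the requested scopes")
        # The issued type must be acceptable to every consuming RS.
        acceptable = set(self.supported)
        for rs in consumers:
            acceptable &= set(rs.preferred_token_types)
        if not acceptable:
            raise ValueError("no token type acceptable to all consuming RSs")
        # The client's suggestion is only a hint: honored when the RSs accept it,
        # otherwise the first registered consumer's preference order decides.
        if client_hint in acceptable:
            return client_hint
        return next(t for t in consumers[0].preferred_token_types if t in acceptable)

def build_demo():
    """Constructed sample registry: two RSs with different preferences."""
    neg = TokenTypeNegotiator(AS_CONFIG)
    neg.register(ResourceServer("photos", {"photos:read"}, ["jwt", "bearer"]))
    neg.register(ResourceServer("calendar", {"cal:read"}, ["bearer"]))
    return neg
```

A request spanning both RSs can only be issued a type both accept, and a client hint for a type the consuming RS never registered is silently replaced by the RS's own preference.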