Re: [OAUTH-WG] Definition of additional client profiles

"Richer, Justin P." <jricher@mitre.org> Thu, 02 October 2014 20:26 UTC

From: "Richer, Justin P." <jricher@mitre.org>
To: Lewis Adam-CAL022 <Adam.Lewis@motorolasolutions.com>
Date: Thu, 02 Oct 2014 20:25:57 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/kwqGNjFc6I7xTqXtubgxlhefCVU
Cc: "oauth@ietf.org" <oauth@ietf.org>

In BlueButton+ REST, we defined a matrix of client types based on whether the client could keep a configuration-time secret (the "registration_jwt", predecessor to the "software_statement") and a particular kind of runtime secret (the client secret) in addition to the token. That matrix is defined here:

http://bluebuttontoolkit.healthit.gov/blue-button-plus-pull/

I've seen other attempts to categorize clients on similar lines: what can the client connect to, what can it keep secret, and from whom.

 -- Justin

On Oct 2, 2014, at 4:19 PM, Lewis Adam-CAL022 <Adam.Lewis@motorolasolutions.com> wrote:

Hi,

6749 defines three client profiles which are mapped to either confidential or public client types.

Have any new client profiles since been defined?  And is there a process or place to put those additional profiles?

For example I’m thinking about additional confidential client types, maybe a legacy WS-* WSC accessing a WS-* WSP, and that WSP is acting as a confidential client to a RESTful RS.

Just curious if further definitions are being collected anywhere.  I’m not sure if it really matters, maybe confidential is confidential, regardless of if it’s a web server or a WS-* WSP, but since the spec went as far as to define the client profiles then maybe there is a place to define more.



Tx!
adam

