Re: [OAUTH-WG] Device profile usage
Nat Sakimura <sakimura@gmail.com> Wed, 29 May 2013 03:38 UTC
Return-Path: <sakimura@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 652D721F8C40 for <oauth@ietfa.amsl.com>; Tue, 28 May 2013 20:38:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.478
X-Spam-Level:
X-Spam-Status: No, score=-1.478 tagged_above=-999 required=5 tests=[AWL=-1.121, BAYES_05=-1.11, MIME_BASE64_TEXT=1.753, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Cd1y0e5ol+7G for <oauth@ietfa.amsl.com>; Tue, 28 May 2013 20:38:34 -0700 (PDT)
Received: from mail-lb0-f169.google.com (mail-lb0-f169.google.com [209.85.217.169]) by ietfa.amsl.com (Postfix) with ESMTP id 910E821F894E for <oauth@ietf.org>; Tue, 28 May 2013 20:38:33 -0700 (PDT)
Received: by mail-lb0-f169.google.com with SMTP id 10so8536379lbf.28 for <oauth@ietf.org>; Tue, 28 May 2013 20:38:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=references:from:mime-version:in-reply-to:date:message-id:subject:to :cc:content-type:content-transfer-encoding; bh=glWOhqFPz49CiARYgDOXipcy2aJ762m4C+8aF2ZoVj4=; b=L3tPTZuCcBi1jq/B+OkE2kNgQ3VA5YWO6LDUbEenuCTIR8D++tUDGpXw0Qz/GoCO57 mbpwCGkElwp/kfUhTh8Zc0SXKge1LLhQH/1eZvPOM4zsPbUxPJYi3+nYDGhjOe7forJG TLMH9h7/YVa9oWmN5jOV2yiGwN3r5YTCfiZKkFRYEiB+UTDkogT/Rucp7+JXHgTbXll/ D7541SZnUhNcYjmQ8clZ5N+wq08Lv2cq44hn8JVVMtbTyCGAGJhhx7ntAS6yB9pQY/ko c98b6zm1YgNhmYAw13L5a4Wr6SUpsF0sLvTE3LS/g1ijdls1MqJY1vIB7KG/rT+vTac7 aLvw==
X-Received: by 10.112.35.69 with SMTP id f5mr577084lbj.105.1369798712100; Tue, 28 May 2013 20:38:32 -0700 (PDT)
References: <CANZRnTUyz6wo_5ZfghicGpNEm_=+Aw1=ChdNPdTvKkZS4YApNw@mail.gmail.com> <E625D418-5F83-41EB-BF65-09DEDF003C14@gmx.net> <CANZRnTUS4+_37EtA3bJFDvjWOC=iFzGk1PLHutzx1ijp9kMS_g@mail.gmail.com>
From: Nat Sakimura <sakimura@gmail.com>
Mime-Version: 1.0 (1.0)
In-Reply-To: <CANZRnTUS4+_37EtA3bJFDvjWOC=iFzGk1PLHutzx1ijp9kMS_g@mail.gmail.com>
Date: Wed, 29 May 2013 12:38:28 +0900
Message-ID: <-8470720313341818373@unknownmsgid>
To: Vincent Tsang <vincetsang@gmail.com>
Content-Type: text/plain; charset="ISO-2022-JP"
Content-Transfer-Encoding: base64
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Device profile usage
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 May 2013 03:38:38 -0000
A little more application and user context would help. A use case, so to speak. Nat 2013/05/29 12:04、Vincent Tsang <vincetsang@gmail.com> のメッセージ: > Hi Hannes, > > Thanks for your reply. > Actually I am new to OAuth and am simply trying to search for the best industrial practice for granting access tokens when the client to our application API is a simple windows applications, which in most cases runs on PC's with web browser installed. > Therefore the scenario doesn't quite match what is described in the document, as the user doesn't need a separate machine to perform the verification; it's just that the client application doesn't have internet browsing capability itself (in this sense it's similar to the "device" described in this document, though not quite) and so user needs to launch a separate browser application. > I ended up on this device profile spec just because it seems to match closer to our scenario when compared to the 4 cases described in the OAuth 2 spec, but it could be the case that I didn't understand it fully. > Maybe I should rephrase my question: could someone please advice what should be the best practice for granting OAuth tokens to clients which are native windows applications? > > Thanks. > Vincent > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] Device profile usage Vincent Tsang
- Re: [OAUTH-WG] Device profile usage Hannes Tschofenig
- Re: [OAUTH-WG] Device profile usage Vincent Tsang
- Re: [OAUTH-WG] Device profile usage Nat Sakimura
- Re: [OAUTH-WG] Device profile usage Vincent Tsang
- Re: [OAUTH-WG] Device profile usage Todd W Lainhart
- Re: [OAUTH-WG] Device profile usage Lewis Adam-CAL022
- Re: [OAUTH-WG] Device profile usage Justin Richer
- Re: [OAUTH-WG] Device profile usage Vincent Tsang
- Re: [OAUTH-WG] Device profile usage Justin Richer
- Re: [OAUTH-WG] Device profile usage Todd W Lainhart
- Re: [OAUTH-WG] Device profile usage Vincent Tsang