Re: [OAUTH-WG] Client cannot specify the token type it needs

Prabath Siriwardena <prabath@wso2.com> Mon, 21 January 2013 05:29 UTC

Think about a distributed setup. You have a single Authorization Server and
multiple Resource Servers.

Although OAuth nicely decouples AS from RS - AFAIK there is no standard
established for communication between AS and RS - how to declare metadata
between those.

Also there can be Resource Servers which support multiple token types. It
could vary on APIs hosted in a given RS.

Thanks & regards,
-Prabath


On Mon, Jan 21, 2013 at 10:48 AM, <zhou.sujing@zte.com.cn> wrote:

>
> The token type should be decided by resource server, which consumes access
> token.
> Client just re-tells the requested token type to AS.
> Client should not specify the token type.
>
>
> oauth-bounces@ietf.org wrote on 2013-01-21 13:08:39:
>
>
> > This is true.  It's possible for the AS to vary its behavior on
> > scope name, but it's presumed the AS and RS have an agreement of
> > what token type is in play.  Likely a good extension to the spec.
>
> >
> > From: Prabath Siriwardena <prabath@wso2.com>
> > To: "oauth@ietf.org WG" <oauth@ietf.org>
> > Sent: Sunday, January 20, 2013 7:28 PM
> > Subject: [OAUTH-WG] Client cannot specify the token type it needs
>
> >
> > Although token type is extensible according to the OAuth core
> > specification - it is fully governed by the Authorization Server.
> >
> > There can be a case where a single AS supports multiple token types
> > based on client request.
> >
> > But currently we don't have a way the client can specify (or at
> > least suggest) which token type it needs in the OAuth access token
> > request?
> >
> > Is this behavior intentional ? or am I missing something...
> >
> > Thanks & Regards,
> > Prabath
> >
> > Mobile : +94 71 809 6732
> >
> > http://blog.facilelogin.com
> > http://RampartFAQ.com
> >
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth
> >
>



-- 
Thanks & Regards,
Prabath

Mobile : +94 71 809 6732

http://blog.facilelogin.com
http://RampartFAQ.com
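
The gap discussed in this thread, as an added example that is not part of the original messages: the RFC 6749 access token request has no parameter for the token type, so the client can only check the token_type the AS returns and refuse one it does not understand (RFC 6749 section 7.1). The function names, the supported-type set and the sample responses are assumptions made for illustration.

```python
import json
from urllib.parse import urlencode

# Token types this hypothetical client knows how to present to an RS.
SUPPORTED_TOKEN_TYPES = {"bearer"}


class UnsupportedTokenType(Exception):
    """The AS issued a token type this client cannot use."""


def build_token_request(code, redirect_uri, client_id):
    """Form body of an RFC 6749 section 4.1.3 access token request.

    None of the defined parameters lets the client name a token type.
    """
    return urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
    })


def authorization_header(token_response_body):
    """Parse the AS response and build the header sent to the RS.

    Refuses any token_type the client does not understand instead of
    guessing how to present the token.
    """
    resp = json.loads(token_response_body)
    token_type = resp.get("token_type")
    if not isinstance(token_type, str):
        raise UnsupportedTokenType("token_type missing from response")
    # token_type values are case insensitive (RFC 6749 section 5.1).
    if token_type.lower() not in SUPPORTED_TOKEN_TYPES:
        raise UnsupportedTokenType(token_type)
    return {"Authorization": "Bearer " + resp["access_token"]}


# Constructed sample responses, not taken from the thread.
BEARER_RESPONSE = json.dumps(
    {"access_token": "example-token-value", "token_type": "Bearer",
     "expires_in": 3600})
MAC_RESPONSE = json.dumps(
    {"access_token": "example-token-value", "token_type": "mac"})
```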