Re: [OAUTH-WG] Your Review of the Native Apps Draft

Erik Wahlström <erik@wahlstromstekniska.se> Fri, 06 November 2015 11:31 UTC

From: Erik Wahlström <erik@wahlstromstekniska.se>
In-Reply-To: <563BFBDB.4050101@gmx.net>
Date: Fri, 06 Nov 2015 12:31:45 +0100
Message-Id: <D5464DB8-5B9A-4AA7-B69F-37FAFC6B5582@wahlstromstekniska.se>
References: <563BFBDB.4050101@gmx.net>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
X-Mailer: Apple Mail (2.2104)
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/m2ioWqzKIPjJwTmyTApbcrMk6pc>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Your Review of the Native Apps Draft

I posted my review comments here: https://www.ietf.org/mail-archive/web/oauth/current/msg14835.html

Reposting it because the first comment in my review is also the same question I asked in this meeting. The problem is mainly a usability issue that needs some good recommendations in the draft. What happens to your app if the browser starts other apps to complete an authentication flow when the user comes back? The document needs a note that this should be handled in some good way when the app is resumed again. I can try it out in a demo app we have that uses different eIDs (some apps) for authentication to see if it’s possible to figure out some good practices if that’s of interest.

/ Erik



> On 06 Nov 2015, at 02:01, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
> 
> I just checked the minutes from the Prague IETF meeting and noticed that
> Tony, Brian, Erik, Nat, and Eduardo promised to review the native apps
> draft and post their review comments to the list.
> 
> Could you please do your reviews?
> 
> Ciao
> Hannes