Re: [OAUTH-WG] a question on authorization to resource and scope in request
Håvard Geithus <havardge@comoyo.com> Fri, 10 August 2012 07:52 UTC
Return-Path: <havardge@comoyo.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CBE9621F85BB for <oauth@ietfa.amsl.com>; Fri, 10 Aug 2012 00:52:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.676
X-Spam-Level:
X-Spam-Status: No, score=-2.676 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7RLFWZE36xsL for <oauth@ietfa.amsl.com>; Fri, 10 Aug 2012 00:52:47 -0700 (PDT)
Received: from mail-gg0-f172.google.com (mail-gg0-f172.google.com [209.85.161.172]) by ietfa.amsl.com (Postfix) with ESMTP id 425AA21F853C for <oauth@ietf.org>; Fri, 10 Aug 2012 00:52:47 -0700 (PDT)
Received: by ggnh4 with SMTP id h4so1423681ggn.31 for <oauth@ietf.org>; Fri, 10 Aug 2012 00:52:46 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:x-gm-message-state; bh=ME1ytjVd/BdvnLQ7xEoZRaVwMS5y3W4hAbhtVB8F94M=; b=XqoAYqkJ+xBiVyQmQbnKUIuVk8AM+KYG7dLPctJ0WtyWayJLFhLpWCS0ugZaqV0Spq ZgZzzPXWuZzbbB9PfPFY/0r/0rOI1SvVggvLBkRytwkSvZ1Sl1Qovhg45Qi8OOnOu69H vMofs8H2AT4+wNAVtG2ExgRem9spp+BTe0IcTm5Q4gO/t3Rvh69LPEEBSPT6aCmn1m70 6WYgKa57PLGQ9M1J82prPDozM0yB3CLS1S0jni0zS49IbPuRf1DoPVREkJfNJ1L0WhBq qoyV/ZE9PR14/F99E4HxLU1lShQk48PdTe5dA/EtgZvK6SudaaRLNCouXHB/XpU7bLy4 uRJA==
Received: by 10.50.149.134 with SMTP id ua6mr990227igb.11.1344585166593; Fri, 10 Aug 2012 00:52:46 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.231.253.13 with HTTP; Fri, 10 Aug 2012 00:52:26 -0700 (PDT)
In-Reply-To: <CAFR5NC8qB3btcq6njeLqODP8Dsc4ZChOkqsz5G0Z9YBq2EvPeA@mail.gmail.com>
References: <OFD1C31C20.08E26086-ON48257A56.002562A1-48257A56.0025E9A1@zte.com.cn> <CAFR5NC8qB3btcq6njeLqODP8Dsc4ZChOkqsz5G0Z9YBq2EvPeA@mail.gmail.com>
From: Håvard Geithus <havardge@comoyo.com>
Date: Fri, 10 Aug 2012 09:52:26 +0200
Message-ID: <CAFR5NC9O4+XzdCdk1JBEz-+oNm+BdH8i_fXC+Es=uHdBHrM_yg@mail.gmail.com>
To: zhou.sujing@zte.com.cn
Content-Type: multipart/alternative; boundary="e89a8f23554d399d7604c6e4a101"
X-Gm-Message-State: ALoCoQkAs9xb4vdgh5FJt5vufQte108dpUTln+AUcd9WsrKzPi9oc+radqWNdEp4neT5+UcVL6/T
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] a question on authorization to resource and scope in request
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Aug 2012 07:52:48 -0000
Replace "authentication server" with "authorization server" in the previous message ;) On Fri, Aug 10, 2012 at 9:50 AM, Håvard Geithus <havardge@comoyo.com> wrote: > Hi, > > Either the resource server can ask the authentication server for > information associated with the token (e.g. resource owner's id and scope) > or this information can be encrypted into the token string. The scope > defines what resources, and resource owner id defines whose resource. At > least that's how I *think* it is. > > On Fri, Aug 10, 2012 at 8:53 AM, <zhou.sujing@zte.com.cn> wrote: > >> >> Hi, all >> I wonder how an access token is bound with the required resource item, >> I cann't see any field specifying the requested resource in request for >> authorization token and access token. >> Is "scope" relevant with this? >> >> Regards~~~ >> >> -Sujing Zhou >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> >> >
- [OAUTH-WG] a question on authorization to resourc… zhou.sujing
- Re: [OAUTH-WG] a question on authorization to res… Håvard Geithus
- Re: [OAUTH-WG] a question on authorization to res… Håvard Geithus