IETF Logo Mail Archive

Re: [OAUTH-WG] Alternative Upgrade Flow

Justin Richer <jricher@mitre.org> Fri, 16 July 2010 17:03 UTC

Return-Path: <jricher@mitre.org>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A91833A6A0C for <oauth@core3.amsl.com>; Fri, 16 Jul 2010 10:03:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.438
X-Spam-Level:
X-Spam-Status: No, score=-6.438 tagged_above=-999 required=5 tests=[AWL=0.161, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kRx71R+Wi7Qb for <oauth@core3.amsl.com>; Fri, 16 Jul 2010 10:03:36 -0700 (PDT)
Received: from smtp-bedford.mitre.org (smtp-bedford.mitre.org [129.83.20.191]) by core3.amsl.com (Postfix) with ESMTP id 0DF5F3A69C8 for <oauth@ietf.org>; Fri, 16 Jul 2010 10:03:35 -0700 (PDT)
Received: from smtp-bedford.mitre.org (localhost.localdomain [127.0.0.1]) by smtp-bedford.mitre.org (8.13.1/8.13.1) with ESMTP id o6GH3lBU023587 for <oauth@ietf.org>; Fri, 16 Jul 2010 13:03:47 -0400
Received: from imchub1.MITRE.ORG (imchub1.mitre.org [129.83.29.73]) by smtp-bedford.mitre.org (8.13.1/8.13.1) with ESMTP id o6GH3lEs023584; Fri, 16 Jul 2010 13:03:47 -0400
Received: from [129.83.50.65] (129.83.50.65) by imchub1.MITRE.ORG (129.83.29.73) with Microsoft SMTP Server id 8.2.254.0; Fri, 16 Jul 2010 13:03:46 -0400
From: Justin Richer <jricher@mitre.org>
To: Marius Scurtescu <mscurtescu@google.com>
In-Reply-To: <AANLkTinkyTjzPVYHqjIXIut17RyLc7Aehuqpv1sgrTtV@mail.gmail.com>
References: <1279298904.11628.74.camel@localhost.localdomain> <AANLkTinkyTjzPVYHqjIXIut17RyLc7Aehuqpv1sgrTtV@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Date: Fri, 16 Jul 2010 13:03:46 -0400
Message-ID: <1279299826.11628.81.camel@localhost.localdomain>
MIME-Version: 1.0
X-Mailer: Evolution 2.28.3
Content-Transfer-Encoding: 7bit
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Alternative Upgrade Flow
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Jul 2010 17:03:37 -0000

Oh hey, so you did. And I even agreed to it back then! Yeah, let's
update it. Between this and the other proposed upgrade flow, we should
cover most ways people would want to trade one flavor of token for
another. 

 -- Justin

On Fri, 2010-07-16 at 12:56 -0400, Marius Scurtescu wrote:
> On Fri, Jul 16, 2010 at 9:48 AM, Justin Richer <jricher@mitre.org> wrote:
> > The current proposal for a 1.0->2.0 upgrade flow is to use the assertion
> > profile and pass the OAuth token in there. Instead, one could create an
> > endpoint that speaks the 1.0 protocol fully, signatures and client
> > secrets and everything, but issues 2.0 tokens, JSON and all. It's a
> > hybridized endpoint also, but put together with the opposite pieces. In
> > both cases, you put a 1.0 token in one end and get a 2.0 token out the
> > other. But in this case, the request being made is a completely vanilla
> > OAuth 1.0 protected resource access request.
> 
> I already proposed something like that, if there is interest I can
> update the proposal to be in line with the latest spec:
> http://www.ietf.org/mail-archive/web/oauth/current/msg02300.html
> 
> Marius

v2.34.0 | Report a Bug | By Email | System Status