Re: [OAUTH-WG] OAuth and IoT

Adam Lewis <adam.lewis@motorolasolutions.com> Fri, 02 October 2015 20:36 UTC

From: Adam Lewis <adam.lewis@motorolasolutions.com>
Date: Fri, 02 Oct 2015 15:36:26 -0500
Message-ID: <CAOahYUzY3CHY2n8ioDvtTMreFL-vDCn12TrJq=F2XC4F_w0tnw@mail.gmail.com>
To: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/nM_b9IMyhqNngf01n2peVNtv-8g>
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth and IoT

Thank you Kathleen, exactly the type of pointers I was looking for.  Will
head over there now :-)

On Fri, Oct 2, 2015 at 3:35 PM, Kathleen Moriarty <
kathleen.moriarty.ietf@gmail.com> wrote:

> Adam,
>
> Are you following the ACE working group?  They are wrapping up their use
> case document and IETF last call should start next week.  OAuth is being
> considered and they will be busy with solution work soon for Authentication
> and authorization in Constrained Environments.
>
> I'd suggest starting with a read of the use case draft.  The actors draft
> will follow through soon with a WGLC (I hope).  They should be discussing
> solutions in Yokohama.
>
> Kathleen
>
> Sent from my iPhone
>
> On Oct 2, 2015, at 4:19 PM, Adam Lewis <adam.lewis@motorolasolutions.com>
> wrote:
>
> And on that similar note, has there been any work done around having a
> single client id, and registering that client id with the AS, but tying the
> client id to a trust anchor instead of a single public key certificate,
> such that any client issued a certificate by the trusted CA could obtain an
> access token?  This would enable a single entry in the AS for each type of
> client.
>
> On Fri, Oct 2, 2015 at 2:45 PM, Adam Lewis <
> adam.lewis@motorolasolutions.com> wrote:
>
>> Hi all,
>>
>> Looking to find some pointers to effort around usage of OAuth and IoT.
>> Will embedded devices / appliances use the client credential grant type?
>> This would seem to be a natural choice, now does every device have a unique
>> client id?  I am looking at use cases where we will have a large set of
>> devices without a UI acting on their own behalf (not the users) and will
>> need to obtain access tokens.  What are the best practices around this?  It
>> seems impractical to add every one of these devices as a unique client to
>> the OAuth server, but I'm unclear what the other options are given the
>> current set of drafts.
>>
>>
>>
>> tx!
>> adam
>>
>
>