Re: [OAUTH-WG] FYI per a request on the last conference call, this is a method for making client registration stateless.

Anthony Nadalin <tonynad@microsoft.com> Tue, 22 October 2013 00:49 UTC

From: Anthony Nadalin <tonynad@microsoft.com>
To: Phil Hunt <phil.hunt@oracle.com>, John Bradley <ve7jtb@ve7jtb.com>
Date: Tue, 22 Oct 2013 00:49:30 +0000
Cc: oauth list <oauth@ietf.org>

Phil, I agree with your observations, seems like it's screwed up

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Phil Hunt
Sent: Monday, October 21, 2013 10:21 AM
To: John Bradley
Cc: oauth list
Subject: Re: [OAUTH-WG] FYI per a request on the last conference call, this is a method for making client registration stateless.

I am assuming that this draft fits with the dyn reg draft.  It makes the assumption that every single client is somehow potentially different in terms of registration.  This draft encodes the registration values in the JWT so that stateless registration can be achieved.

Dynamic registration takes a different view from client association, in that dynamic registration has no notion of fixed client software releases that are deployed many times. As such there is no fixed registration profile. Every client is potentially different. In contrast, with Client Association + Software statements, clients are identified as a particular software and are fixed.

Have I read this correctly?

From a policy perspective, how would a service provider handle registration of clients that are all potentially different? Why would individual clients need to differ in registration (other than in the tokens negotiated with a particular deployment SP)?

Phil

@independentid
www.independentid.com
phil.hunt@oracle.com

On 2013-10-14, at 5:01 PM, John Bradley <ve7jtb@ve7jtb.com> wrote:


A new version of I-D, draft-bradley-stateless-oauth-client-00.txt
has been successfully submitted by John Bradley and posted to the
IETF repository.

Filename:        draft-bradley-stateless-oauth-client
Revision:        00
Title:           Stateless Client Identifier for OAuth 2
Creation date:   2013-10-15
Group:           Individual Submission
Number of pages: 4
URL:             http://www.ietf.org/internet-drafts/draft-bradley-stateless-oauth-client-00.txt
Status:          http://datatracker.ietf.org/doc/draft-bradley-stateless-oauth-client
Htmlized:        http://tools.ietf.org/html/draft-bradley-stateless-oauth-client-00


Abstract:
  This draft provides a method for communicating information about an
  OAuth client through its client identifier allowing for fully
  stateless operation.





Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
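
The mechanism discussed in this thread (registration values carried inside a JWT that itself serves as the client identifier) can be sketched as follows. This is an added example, not code from the draft or from anyone on the thread; the HS256 key held only by the authorization server, the function names, and the claim names `client_name` and `redirect_uris` are assumptions.

```python
import base64, hashlib, hmac, json

# Assumption: a secret known only to the authorization server (constructed value).
AS_KEY = b"constructed-demo-key-not-for-production"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> bytes:
    return hmac.new(AS_KEY, signing_input.encode(), hashlib.sha256).digest()

def issue_client_id(metadata: dict, now: int, ttl: int = 86400) -> str:
    """Registration: sign the submitted metadata and return it as the client_id."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64url(json.dumps(dict(metadata, iat=now, exp=now + ttl)).encode())
    return f"{header}.{claims}.{b64url(sign(header + '.' + claims))}"

def load_client(client_id: str, now: int) -> dict:
    """Later request: recover the registration values without any stored state."""
    try:
        header_b64, claims_b64, sig_b64 = client_id.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed client_id") from exc
    # Pin the algorithm: never let the token choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Verify before parsing the claims; constant-time comparison.
    if not hmac.compare_digest(sig, sign(f"{header_b64}.{claims_b64}")):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(claims_b64))
    if now >= claims["exp"]:
        raise ValueError("expired")
    return claims

def redirect_allowed(client_id: str, redirect_uri: str, now: int) -> bool:
    """Exact-match check against the redirect URIs bound into the identifier."""
    return redirect_uri in load_client(client_id, now)["redirect_uris"]

if __name__ == "__main__":
    now = 1382400000  # constructed timestamp
    cid = issue_client_id({"client_name": "Example App",
                           "redirect_uris": ["https://client.example/cb"]}, now)
    print(cid)
    print(redirect_allowed(cid, "https://client.example/cb", now + 60))
```

Because nothing is stored, an individual identifier cannot be revoked before its `exp` without reintroducing state (for example a deny list) or rotating the signing key.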