Re: [OAUTH-WG] Device profile usage
Lewis Adam-CAL022 <Adam.Lewis@motorolasolutions.com> Wed, 29 May 2013 13:54 UTC
Return-Path: <Adam.Lewis@motorolasolutions.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA17A21F8D2B for <oauth@ietfa.amsl.com>; Wed, 29 May 2013 06:54:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.466
X-Spam-Level:
X-Spam-Status: No, score=-0.466 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1, UNRESOLVED_TEMPLATE=3.132]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K4mi-gHdp8pK for <oauth@ietfa.amsl.com>; Wed, 29 May 2013 06:54:35 -0700 (PDT)
Received: from va3outboundpool.messaging.microsoft.com (va3ehsobe010.messaging.microsoft.com [216.32.180.30]) by ietfa.amsl.com (Postfix) with ESMTP id 4B2EC21F8AD8 for <oauth@ietf.org>; Wed, 29 May 2013 06:54:34 -0700 (PDT)
Received: from mail199-va3-R.bigfish.com (10.7.14.241) by VA3EHSOBE004.bigfish.com (10.7.40.24) with Microsoft SMTP Server id 14.1.225.23; Wed, 29 May 2013 13:54:33 +0000
Received: from mail199-va3 (localhost [127.0.0.1]) by mail199-va3-R.bigfish.com (Postfix) with ESMTP id BA6FE4600D9 for <oauth@ietf.org>; Wed, 29 May 2013 13:54:33 +0000 (UTC)
X-Forefront-Antispam-Report: CIP:129.188.136.17; KIP:(null); UIP:(null); IPV:NLI; H:il06msg01.mot-solutions.com; RD:none; EFVD:NLI
X-SpamScore: -24
X-BigFish: VPS-24(zzbb2dI98dI9371I1432Ic85ahzz1f42h1ee6h1de0h1fdah1202h1e76h1d1ah1d2ah1fc6hzz1033IL17326ah18c673h1c8fb4h8275bh8275dhz2fh2a8h683h839hd25hf0ah1288h12a5h12bdh137ah1441h1504h1537h153bh15d0h162dh1631h1758h18e1h1946h19b5h19ceh1ad9h1b0ah1bceh1d07h1d0ch1d2eh1d3fh1de9h1155h)
Received-SPF: pass (mail199-va3: domain of motorolasolutions.com designates 129.188.136.17 as permitted sender) client-ip=129.188.136.17; envelope-from=Adam.Lewis@motorolasolutions.com; helo=il06msg01.mot-solutions.com ; olutions.com ;
X-Forefront-Antispam-Report-Untrusted: CIP:157.56.237.133; KIP:(null); UIP:(null); (null); H:BY2PRD0411HT005.namprd04.prod.outlook.com; R:internal; EFV:INT
Received: from mail199-va3 (localhost.localdomain [127.0.0.1]) by mail199-va3 (MessageSwitch) id 1369835671947179_9365; Wed, 29 May 2013 13:54:31 +0000 (UTC)
Received: from VA3EHSMHS042.bigfish.com (unknown [10.7.14.248]) by mail199-va3.bigfish.com (Postfix) with ESMTP id E324B18021B for <oauth@ietf.org>; Wed, 29 May 2013 13:54:31 +0000 (UTC)
Received: from il06msg01.mot-solutions.com (129.188.136.17) by VA3EHSMHS042.bigfish.com (10.7.99.52) with Microsoft SMTP Server (TLS) id 14.1.225.23; Wed, 29 May 2013 13:54:27 +0000
Received: from il06msg01.mot-solutions.com (il06vts01.mot.com [129.188.137.141]) by il06msg01.mot-solutions.com (8.14.3/8.14.3) with ESMTP id r4TDsRlW005643 for <oauth@ietf.org>; Wed, 29 May 2013 08:54:27 -0500 (CDT)
Received: from DB8EHSOBE038.bigfish.com (mail-db8lp0184.outbound.messaging.microsoft.com [213.199.154.184]) by il06msg01.mot-solutions.com (8.14.3/8.14.3) with ESMTP id r4TDsPNS005639 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for <oauth@ietf.org>; Wed, 29 May 2013 08:54:26 -0500 (CDT)
Received: from mail110-db8-R.bigfish.com (10.174.8.250) by DB8EHSOBE038.bigfish.com (10.174.4.101) with Microsoft SMTP Server id 14.1.225.23; Wed, 29 May 2013 13:54:25 +0000
Received: from mail110-db8 (localhost [127.0.0.1]) by mail110-db8-R.bigfish.com (Postfix) with ESMTP id 7AFFD180197 for <oauth@ietf.org.FOPE.CONNECTOR.OVERRIDE>; Wed, 29 May 2013 13:54:25 +0000 (UTC)
Received: from mail110-db8 (localhost.localdomain [127.0.0.1]) by mail110-db8 (MessageSwitch) id 1369835663122517_20122; Wed, 29 May 2013 13:54:23 +0000 (UTC)
Received: from DB8EHSMHS024.bigfish.com (unknown [10.174.8.254]) by mail110-db8.bigfish.com (Postfix) with ESMTP id 11BC4300055; Wed, 29 May 2013 13:54:23 +0000 (UTC)
Received: from BY2PRD0411HT005.namprd04.prod.outlook.com (157.56.237.133) by DB8EHSMHS024.bigfish.com (10.174.4.34) with Microsoft SMTP Server (TLS) id 14.1.225.23; Wed, 29 May 2013 13:54:21 +0000
Received: from BY2PRD0411MB441.namprd04.prod.outlook.com ([169.254.5.126]) by BY2PRD0411HT005.namprd04.prod.outlook.com ([10.255.128.40]) with mapi id 14.16.0311.000; Wed, 29 May 2013 13:54:11 +0000
From: Lewis Adam-CAL022 <Adam.Lewis@motorolasolutions.com>
To: Vincent Tsang <vincetsang@gmail.com>, Nat Sakimura <sakimura@gmail.com>
Thread-Topic: [OAUTH-WG] Device profile usage
Thread-Index: AQHOXBlnTKXfRjB7qEeY0Vk/CLUtV5kbg8MAgAAO0gCAAJxiYA==
Date: Wed, 29 May 2013 13:54:10 +0000
Message-ID: <59E470B10C4630419ED717AC79FCF9A9659AE3FF@BY2PRD0411MB441.namprd04.prod.outlook.com>
References: <CANZRnTUyz6wo_5ZfghicGpNEm_=+Aw1=ChdNPdTvKkZS4YApNw@mail.gmail.com> <E625D418-5F83-41EB-BF65-09DEDF003C14@gmx.net> <CANZRnTUS4+_37EtA3bJFDvjWOC=iFzGk1PLHutzx1ijp9kMS_g@mail.gmail.com> <-8470720313341818373@unknownmsgid> <CANZRnTUpyaV6Vd88wkSG_g5tb9QeVGM60czSrpqDdEcqczoXSg@mail.gmail.com>
In-Reply-To: <CANZRnTUpyaV6Vd88wkSG_g5tb9QeVGM60czSrpqDdEcqczoXSg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [150.130.46.183]
Content-Type: multipart/alternative; boundary="_000_59E470B10C4630419ED717AC79FCF9A9659AE3FFBY2PRD0411MB441_"
MIME-Version: 1.0
X-FOPE-CONNECTOR: Id%0$Dn%*$RO%0$TLS%0$FQDN%$TlsDn%
X-FOPE-CONNECTOR: Id%1294$Dn%GMAIL.COM$RO%2$TLS%3$FQDN%msgate.mot-solutions.com$TlsDn%
X-FOPE-CONNECTOR: Id%1294$Dn%IETF.ORG$RO%2$TLS%3$FQDN%msgate.mot-solutions.com$TlsDn%
X-CFilter-Loop: Reflected
X-OriginatorOrg: motorolasolutions.com
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Device profile usage
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 May 2013 13:54:42 -0000
Hi Vincent … it sounds to me like you should be looking at the code flow. It is optimized for the use case you describe (or at least as I understand it). A native application which uses an installed web browser to interact with the AS and obtain a token for your client. Using this flow, your native windows app would communicate with the AS via (for example) Firefox or IE. Your request would register a custom redirect URI, which your app would handle. When the AS sends the code back, the web browser will hand it back to your native app. Your native app would then communicate directly with the AS and exchange the code for an access token which your app could then use to communicate with its API endpoint. -adam From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Vincent Tsang Sent: Tuesday, May 28, 2013 11:32 PM To: Nat Sakimura Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] Device profile usage The client is a native windows application, for instance, a document editor like MS Word. The editor can upload copies to the cloud (e.g. Amazon S3), then record the version history and notes associated with each cloud copy to our cloud service via our cloud application API (to be secured by OAuth access tokens). I think it's similar to the case with a media player application (like VLC/Windows Media Player) that sends playlist/history info to the cloud via some cloud application API. I'm just not sure which of the 4 scenarios described in the OAuth spec could fit in here... Thanks. Vincent On Wed, May 29, 2013 at 11:38 AM, Nat Sakimura <sakimura@gmail.com<mailto:sakimura@gmail.com>> wrote: A little more application and user context would help. A use case, so to speak. Nat 2013/05/29 12:04、Vincent Tsang <vincetsang@gmail.com<mailto:vincetsang@gmail.com>> のメッセージ: > Hi Hannes, > > Thanks for your reply. > Actually I am new to OAuth and am simply trying to search for the best industrial practice for granting access tokens when the client to our application API is a simple windows applications, which in most cases runs on PC's with web browser installed. > Therefore the scenario doesn't quite match what is described in the document, as the user doesn't need a separate machine to perform the verification; it's just that the client application doesn't have internet browsing capability itself (in this sense it's similar to the "device" described in this document, though not quite) and so user needs to launch a separate browser application. > I ended up on this device profile spec just because it seems to match closer to our scenario when compared to the 4 cases described in the OAuth 2 spec, but it could be the case that I didn't understand it fully. > Maybe I should rephrase my question: could someone please advice what should be the best practice for granting OAuth tokens to clients which are native windows applications? > > Thanks. > Vincent > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org<mailto:OAuth@ietf.org> > https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] Device profile usage Vincent Tsang
- Re: [OAUTH-WG] Device profile usage Hannes Tschofenig
- Re: [OAUTH-WG] Device profile usage Vincent Tsang
- Re: [OAUTH-WG] Device profile usage Nat Sakimura
- Re: [OAUTH-WG] Device profile usage Vincent Tsang
- Re: [OAUTH-WG] Device profile usage Todd W Lainhart
- Re: [OAUTH-WG] Device profile usage Lewis Adam-CAL022
- Re: [OAUTH-WG] Device profile usage Justin Richer
- Re: [OAUTH-WG] Device profile usage Vincent Tsang
- Re: [OAUTH-WG] Device profile usage Justin Richer
- Re: [OAUTH-WG] Device profile usage Todd W Lainhart
- Re: [OAUTH-WG] Device profile usage Vincent Tsang