Re: [OAUTH-WG] Authentication Methods

John Bradley <ve7jtb@ve7jtb.com> Wed, 02 November 2011 21:14 UTC

That probably depends on what authentication you are asking about.

Authentication of the client to the protected resource has two profiles: MAC & Bearer.
Authentication of the client to the Token Endpoint has an example in the OAuth spec using client_id and a symmetric secret.
That is extensible, and OpenID Connect defines an additional method using asymmetric keys.

Authentication of the resource owner to the authorization server is roll your own :)

Authentication of the Authorization server/token endpoint/protected resource to the client is TLS for the most part.

Regards
John B.

On 2011-11-02, at 5:59 PM, Elliot Cameron wrote:

> What are some common or suggested authentication methods that are used in conjunction with OAuth 2.0?
> Is TLS/SSL the only standard one or do people normally roll their own authentication within OAuth's flows?
> 
> Elliot Cameron
> Covenant Eyes Software Developer
> elliot.cameron@covenanteyes.com
> 810-771-8322
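
Added example, not part of the original message or of any OAuth library: a token endpoint's server-side check of the client_id and symmetric secret method mentioned in the reply, sent as HTTP Basic credentials in the way RFC 6749 Section 2.3.1 describes. The registry contents, client name, secret and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote_plus, unquote_plus

# Constructed registry: client_id -> SHA-256 digest of the shared secret.
# Assumes secrets are long random strings issued by the authorization server.
CLIENTS = {"demo-client": hashlib.sha256(b"p:w+d/1").digest()}
DUMMY = bytes(32)  # compared against when the client_id is unknown


def basic_header(client_id, secret):
    """Client side: form-urlencode each part, join with ':', then base64."""
    pair = f"{quote_plus(client_id)}:{quote_plus(secret)}"
    return "Basic " + base64.b64encode(pair.encode()).decode()


def authenticate_client(authorization_header):
    """Server side: return the client_id if the credentials check out, else None."""
    scheme, _, blob = (authorization_header or "").partition(" ")
    if scheme.lower() != "basic":
        return None  # e.g. a Bearer token is not client authentication
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except ValueError:  # bad base64, non-ASCII input or invalid UTF-8
        return None
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    # Undo the form-urlencoding so ':' '+' '/' inside the secret survive.
    client_id, secret = unquote_plus(user), unquote_plus(password)
    presented = hashlib.sha256(secret.encode()).digest()
    expected = CLIENTS.get(client_id, DUMMY)
    # Constant-time comparison; unknown clients take the same code path.
    matches = hmac.compare_digest(presented, expected)
    return client_id if matches and client_id in CLIENTS else None


if __name__ == "__main__":
    print(authenticate_client(basic_header("demo-client", "p:w+d/1")))
    print(authenticate_client(basic_header("demo-client", "wrong")))
```

As the reply notes, this exchange relies on TLS to authenticate the token endpoint to the client and to protect the secret in transit.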