[OAUTH-WG] draft-hunt-oauth-client-association-00

Hannes Tschofenig <hannes.tschofenig@gmx.net> Fri, 01 November 2013 19:02 UTC


Hi Phil, Hi Tony, Hi all,

I re-read the document and I believe the most important concept it 
introduces is the classification of different associations, namely into 
'static', 'dynamic', and 'transient'. This is certainly something 
worthwhile to discuss during the meeting and to ensure that it is well 
understood, and that there are only these three classes (rather than two 
or four).

The description in the introduction makes the differentiation between 
the three concepts mostly based on how the endpoints are configured in 
the application.

With the static association the endpoint is hard-coded into the software 
during the development time. It cannot be changed. With the two other 
cases the endpoint can be changed. As such, the difference between the 
'dynamic' and 'transient' association seems to be in terms of how 
long the lifetime of the association is. Now, what exactly is the lifetime 
of an association? Is the lifetime of the association understood as the 
lifetime of the configured endpoint identifier?

Then, when I re-read the text in Section 1 again, I suddenly get the 
impression that the lifetime of the association actually does not matter 
but instead the difference is rather whether the client is public or 
confidential. Is that true?

If it isn't true that this is the feature that makes the distinction 
between 'dynamic' and 'transient', then the notion of "public" vs. 
"confidential" client isn't too important for the rest of the document.

Ciao
Hannes