Re: [OAUTH-WG] Audience parameter in authorization flow

Sergey Beryozkin <sberyozkin@gmail.com> Mon, 19 August 2013 18:59 UTC

Message-ID: <52126B03.4080809@gmail.com>
Date: Mon, 19 Aug 2013 21:59:15 +0300
From: Sergey Beryozkin <sberyozkin@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130623 Thunderbird/17.0.7
MIME-Version: 1.0
To: Justin Richer <jricher@mitre.org>
References: <5210F714.80305@gmail.com> <52122704.4030308@mitre.org>
In-Reply-To: <52122704.4030308@mitre.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "<oauth@ietf.org>" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Audience parameter in authorization flow

Hi,

Thanks for the feedback,
On 19/08/13 17:09, Justin Richer wrote:
> Both of those make sense to me, and it mimics what "scope" does today.
> Namely, clients can usually register for a list of scopes that they want
> access to, then at authorization time they ask for a particular set to
> be approved by the user.
>

As a side note, having a dedicated audience parameter is preferred in our case as it lets us generalize the processing of the audience parameter and helps the actual OAuth2 data services not worry about it; I've heard that a scope can be used to emulate the 'audience', but it becomes very application specific.

Thanks, Sergey

>   -- Justin
>
> On 08/18/2013 12:32 PM, Sergey Beryozkin wrote:
>> Hi Hannes, All,
>>
>> Regarding [1], where would you expect an audience parameter to be
>> provided during the authorization flow?
>>
>> It appears to me it should be provided during the initial redirect
>> (similarly to a parameter like redirect_uri).
>>
>> Also, would it make sense to support pre-registered audience values,
>> for example, a client registers and specifies an audience during the
>> registration?
>>
>> Thanks, Sergey
>>
>> [1] http://tools.ietf.org/html/draft-tschofenig-oauth-audience-00
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>
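The two points raised in this thread (the audience supplied on the initial redirect next to redirect_uri, and audiences pre-registered per client) can be sketched as a small authorization-server check plus the generic resource-server check that a dedicated parameter makes possible. This is an added, constructed example and not code from the thread, from the cited draft or from any real authorization server; it assumes the request parameter is named `audience`, that clients register an allowed set of audiences alongside their redirect URIs (hypothetical `CLIENTS` table), and it stands in for a real token format with an HMAC-tagged JSON string.

```python
"""Constructed example: audience handling in the OAuth2 authorization flow.

Assumptions (not from the thread): the request parameter is "audience",
clients pre-register allowed audiences, and the token is HMAC-tagged JSON
rather than the output of a real JWT library.
"""
import hashlib
import hmac
import json
from urllib.parse import parse_qs, urlsplit

# Hypothetical client registry: client_id -> registered redirect URIs and audiences.
CLIENTS = {
    "calendar-app": {
        "redirect_uris": {"https://calendar.example/cb"},
        "audiences": {"https://api.example/calendar", "https://api.example/contacts"},
    },
}

SIGNING_KEY = b"constructed-demo-key"  # placeholder for the demo, not a real secret


class AuthzError(Exception):
    """Raised when an authorization request must be refused."""


def parse_authorization_request(url):
    """Pull client_id, redirect_uri and audience out of the initial redirect URL."""
    q = parse_qs(urlsplit(url).query)
    return {
        "client_id": q.get("client_id", [None])[0],
        "redirect_uri": q.get("redirect_uri", [None])[0],
        "audience": q.get("audience", []),  # may repeat, like multiple scope values
    }


def validate_audience(client_id, redirect_uri, requested):
    """Check the requested audiences against the client's registration.

    Treated like redirect_uri: anything not pre-registered is refused outright
    rather than silently narrowed, so a mis-registered client fails loudly.
    """
    client = CLIENTS.get(client_id)
    if client is None:
        raise AuthzError("unknown client")
    if redirect_uri not in client["redirect_uris"]:
        raise AuthzError("redirect_uri not registered")
    if not requested:
        raise AuthzError("audience is required")
    unknown = set(requested) - client["audiences"]
    if unknown:
        raise AuthzError("audience not registered: " + ", ".join(sorted(unknown)))
    return sorted(set(requested))


def issue_token(client_id, audiences):
    """Mint a token whose aud list is fixed at issuance (constructed format)."""
    payload = json.dumps({"client_id": client_id, "aud": audiences}, sort_keys=True)
    tag = hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return payload + "." + tag


def resource_server_accepts(token, my_audience):
    """The one generic check every data service runs: verify the tag, then
    require its own identifier in aud. No application-specific scope parsing."""
    payload, _, tag = token.rpartition(".")
    expected = hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return False
    return my_audience in json.loads(payload)["aud"]


def authorize(url):
    """Whole flow: parse the redirect, validate against registration, issue a token."""
    req = parse_authorization_request(url)
    auds = validate_audience(req["client_id"], req["redirect_uri"], req["audience"])
    return issue_token(req["client_id"], auds)


if __name__ == "__main__":
    good = ("https://as.example/authorize?response_type=code&client_id=calendar-app"
            "&redirect_uri=https://calendar.example/cb&audience=https://api.example/calendar")
    tok = authorize(good)
    print(resource_server_accepts(tok, "https://api.example/calendar"))  # True
    print(resource_server_accepts(tok, "https://api.example/contacts"))  # False
```

The resource-server side is what the "generalize the processing" remark above is about: because the audience is a first-class claim fixed by the authorization server, each data service only compares `aud` against its own identifier, whereas an audience encoded into scope strings would need every service to know that client's scope vocabulary.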