Re: [OAUTH-WG] Device profile usage

Vincent Tsang <vincetsang@gmail.com> Wed, 29 May 2013 14:20 UTC


The same user could run the app on multiple computers and I want to
distinguish each running instance, so I think it's the app?

Thanks.
Vincent

On Wednesday, May 29, 2013, Todd W Lainhart wrote:

> On behalf of what will the access token be granted - the app (e.g. Word),
> or the user running the app?
>
> Todd Lainhart
> Rational software
> IBM Corporation
> 550 King Street, Littleton, MA 01460-1250
> 1-978-899-4705
> 2-276-4705 (T/L)
> lainhart@us.ibm.com
>
> From:        Vincent Tsang <vincetsang@gmail.com>
> To:        Nat Sakimura <sakimura@gmail.com>,
> Cc:        "oauth@ietf.org" <oauth@ietf.org>
> Date:        05/29/2013 12:31 AM
> Subject:        Re: [OAUTH-WG] Device profile usage
> Sent by:        oauth-bounces@ietf.org
> ------------------------------
>
>
>
> The client is a native windows application, for instance, a document
> editor like MS Word.
> The editor can upload copies to the cloud (e.g. Amazon S3), then record
> the version history and notes associated with each cloud copy to our cloud
> service via our cloud application API (to be secured by OAuth access
> tokens).
> I think it's similar to the case with a media player application (like
> VLC/Windows Media Player) that sends playlist/history info to the cloud via
> some cloud application API.
> I'm just not sure which of the 4 scenarios described in the OAuth spec
> could fit in here...
>
> Thanks.
> Vincent
>
>
> On Wed, May 29, 2013 at 11:38 AM, Nat Sakimura <sakimura@gmail.com> wrote:
> A little more application and user context would help.
> A use case, so to speak.
>
> Nat
>
> On 2013/05/29 12:04, Vincent Tsang <vincetsang@gmail.com> wrote:
>
> > Hi Hannes,
> >
> > Thanks for your reply.
> > Actually I am new to OAuth and am simply trying to search for the best
> > industrial practice for granting access tokens when the client to our
> > application API is a simple Windows application, which in most cases runs
> > on PCs with a web browser installed.
> > Therefore the scenario doesn't quite match what is described in the
> > document, as the user doesn't need a separate machine to perform the
> > verification; it's just that the client application doesn't have internet
> > browsing capability itself (in this sense it's similar to the "device"
> > described in this document, though not quite) and so the user needs to
> > launch a separate browser application.
> > I ended up on this device profile spec just because it seems to match
> > closer to our scenario when compared to the 4 cases described in the OAuth
> > 2 spec, but it could be the case that I didn't understand it fully.
> > Maybe I should rephrase my question: could someone please advise what
> > should be the best practice for granting OAuth tokens to clients which are
> > native Windows applications?
> >
> > Thanks.
> > Vincent
> >
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth