[OAUTH-WG] Dynamic client registration and the audience (resource) indicators

Sergey Beryozkin <sberyozkin@gmail.com> Mon, 28 November 2016 17:31 UTC

To: "oauth@ietf.org" <oauth@ietf.org>
From: Sergey Beryozkin <sberyozkin@gmail.com>
Message-ID: <c607334a-edcd-2be6-1796-7b31e070bad0@gmail.com>
Date: Mon, 28 Nov 2016 17:21:44 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/wOrZP4Bb6xG3V2k0EqPpfQoohuA>

Hi All

Our AS allows for manual client registration, with the UI offering an option to assign the audience/resource URIs to a given client registration, with all the associated future access tokens inheriting them.

The client will not have to follow the resource indicator registration as recommended at [1]; the administrator who registers the clients sets the audiences.

We'd like to achieve the same with the dynamic client registration, but my colleague noted the client metadata in the dynamic registration request has no 'audience' property.

We will consider supporting either an 'audience' or a 'resource' property. Does it sound reasonable?

By the way, as far as [1] is concerned, should a 'resource' property support an array of audiences? (To support a case where a client needs to talk to several RSs to complete a given action.)

Thanks, Sergey

[1] https://tools.ietf.org/html/draft-campbell-oauth-resource-indicators-02
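An added example, not part of the mailing-list message or of any AS implementation, sketching the design the message asks about: a hypothetical `resource` property in the dynamic client registration (RFC 7591) metadata that pins a set of audience URIs to the client registration, so that access tokens issued later inherit those audiences and a per-request resource indicator can only narrow the set. The metadata name `resource`, the string-or-array handling, the in-memory registry, the token shape and the sample registration request are all assumptions made for illustration; the URI checks (absolute URI, no fragment) and the `invalid_target` error follow the resource indicators draft the message cites.

```python
"""Added example: AS-side handling of a hypothetical 'resource' client-registration
property that pins token audiences to the registration (assumption, not a standard)."""
import json
import secrets
from urllib.parse import urlsplit


class RegistrationError(ValueError):
    """Raised for malformed registration metadata."""


def is_valid_resource_uri(value):
    # Resource indicator rules from the cited draft: an absolute URI with no fragment.
    if not isinstance(value, str):
        return False
    parts = urlsplit(value)
    return bool(parts.scheme) and bool(parts.netloc) and not parts.fragment


def normalize_resources(meta_value):
    """Accept a single URI string or a non-empty array of URI strings (the array form
    answers the 'several RSs in one action' case); return a de-duplicated list."""
    if isinstance(meta_value, str):
        meta_value = [meta_value]
    if not isinstance(meta_value, list) or not meta_value:
        raise RegistrationError("'resource' must be a URI string or a non-empty array")
    result = []
    for uri in meta_value:
        if not is_valid_resource_uri(uri):
            raise RegistrationError(f"invalid resource indicator: {uri!r}")
        if uri not in result:
            result.append(uri)
    return result


# In-memory client registry (assumption; a real AS persists this).
CLIENTS = {}


def register_client(request_body):
    """Handle a dynamic client registration request (RFC 7591 JSON body) that may carry
    the hypothetical 'resource' property; the accepted audiences are stored with the client."""
    meta = json.loads(request_body)
    if "redirect_uris" not in meta:
        raise RegistrationError("redirect_uris is required")
    resources = normalize_resources(meta["resource"]) if "resource" in meta else []
    client_id = secrets.token_urlsafe(16)
    CLIENTS[client_id] = {"redirect_uris": meta["redirect_uris"], "resource": resources}
    # Echo the registered metadata back, as a registration response would.
    return {"client_id": client_id, "redirect_uris": meta["redirect_uris"],
            "resource": resources}


def issue_token(client_id, requested_resources=None):
    """Token endpoint decision: without a 'resource' request parameter the token inherits
    every registered audience; with one, the request may only narrow the registered set.
    Anything outside it is refused with 'invalid_target' (error code from the draft)."""
    client = CLIENTS[client_id]
    allowed = client["resource"]
    if requested_resources is None:
        aud = list(allowed)
    else:
        requested = normalize_resources(requested_resources)
        if any(uri not in allowed for uri in requested):
            return {"error": "invalid_target"}
        aud = requested
    return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer", "aud": aud}


if __name__ == "__main__":
    # Constructed sample registration request (not from the original page).
    sample_request = json.dumps({
        "redirect_uris": ["https://app.example/cb"],
        "resource": ["https://api.example/orders", "https://api.example/billing"],
    })
    reg = register_client(sample_request)
    print(json.dumps(reg, indent=2))
    print(issue_token(reg["client_id"]))                               # both audiences
    print(issue_token(reg["client_id"], "https://api.example/billing"))  # narrowed
    print(issue_token(reg["client_id"], ["https://other.example/"]))    # invalid_target
```

The point of keeping the check at the token endpoint is that a registration-time audience list is only useful if later requests cannot widen it; the per-request `resource` parameter from the draft still works, but as a subset filter over what the administrator (or the registration request) approved.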