Re: [OAUTH-WG] Device profile usage
Todd W Lainhart <lainhart@us.ibm.com> Wed, 29 May 2013 13:26 UTC
Return-Path: <lainhart@us.ibm.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7674F21F8976 for <oauth@ietfa.amsl.com>; Wed, 29 May 2013 06:26:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.598
X-Spam-Level:
X-Spam-Status: No, score=-10.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id haD8nn1rPQX8 for <oauth@ietfa.amsl.com>; Wed, 29 May 2013 06:26:50 -0700 (PDT)
Received: from e9.ny.us.ibm.com (e9.ny.us.ibm.com [32.97.182.139]) by ietfa.amsl.com (Postfix) with ESMTP id 8F93721F8916 for <oauth@ietf.org>; Wed, 29 May 2013 06:26:50 -0700 (PDT)
Received: from /spool/local by e9.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for <oauth@ietf.org> from <lainhart@us.ibm.com>; Wed, 29 May 2013 09:26:48 -0400
Received: from d01dlp01.pok.ibm.com (9.56.250.166) by e9.ny.us.ibm.com (192.168.1.109) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Wed, 29 May 2013 09:26:46 -0400
Received: from d01relay05.pok.ibm.com (d01relay05.pok.ibm.com [9.56.227.237]) by d01dlp01.pok.ibm.com (Postfix) with ESMTP id CF1EF38C801A; Wed, 29 May 2013 09:26:44 -0400 (EDT)
Received: from d01av05.pok.ibm.com (d01av05.pok.ibm.com [9.56.224.195]) by d01relay05.pok.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id r4TDQjxj338878; Wed, 29 May 2013 09:26:45 -0400
Received: from d01av05.pok.ibm.com (loopback [127.0.0.1]) by d01av05.pok.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP id r4TDQiX2020402; Wed, 29 May 2013 09:26:44 -0400
Received: from d01ml255.pok.ibm.com (d01ml255.pok.ibm.com [9.63.10.54]) by d01av05.pok.ibm.com (8.14.4/8.13.1/NCO v10.0 AVin) with ESMTP id r4TDQib0020399; Wed, 29 May 2013 09:26:44 -0400
In-Reply-To: <CANZRnTUpyaV6Vd88wkSG_g5tb9QeVGM60czSrpqDdEcqczoXSg@mail.gmail.com>
References: <CANZRnTUyz6wo_5ZfghicGpNEm_=+Aw1=ChdNPdTvKkZS4YApNw@mail.gmail.com> <E625D418-5F83-41EB-BF65-09DEDF003C14@gmx.net> <CANZRnTUS4+_37EtA3bJFDvjWOC=iFzGk1PLHutzx1ijp9kMS_g@mail.gmail.com> <-8470720313341818373@unknownmsgid> <CANZRnTUpyaV6Vd88wkSG_g5tb9QeVGM60czSrpqDdEcqczoXSg@mail.gmail.com>
To: Vincent Tsang <vincetsang@gmail.com>
MIME-Version: 1.0
X-KeepSent: 35A0195E:6911A37A-85257B7A:0049A8A1; type=4; name=$KeepSent
X-Mailer: Lotus Notes Release 8.5.3FP3 November 16, 2012
Message-ID: <OF35A0195E.6911A37A-ON85257B7A.0049A8A1-85257B7A.0049D9F2@us.ibm.com>
From: Todd W Lainhart <lainhart@us.ibm.com>
Date: Wed, 29 May 2013 09:26:42 -0400
X-MIMETrack: Serialize by Router on D01ML255/01/M/IBM(Release 8.5.3FP2 ZX853FP2HF5|February, 2013) at 05/29/2013 09:26:44, Serialize complete at 05/29/2013 09:26:44
Content-Type: multipart/alternative; boundary="=_alternative 0049D9F285257B7A_="
X-TM-AS-MML: No
X-Content-Scanned: Fidelis XPS MAILER
x-cbid: 13052913-7182-0000-0000-000006FBB469
Cc: "oauth@ietf.org" <oauth@ietf.org>, oauth-bounces@ietf.org
Subject: Re: [OAUTH-WG] Device profile usage
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 May 2013 13:26:56 -0000
On behalf of what will the access token be granted - the app (e.g. Word), or the user running the app? Todd Lainhart Rational software IBM Corporation 550 King Street, Littleton, MA 01460-1250 1-978-899-4705 2-276-4705 (T/L) lainhart@us.ibm.com From: Vincent Tsang <vincetsang@gmail.com> To: Nat Sakimura <sakimura@gmail.com>, Cc: "oauth@ietf.org" <oauth@ietf.org> Date: 05/29/2013 12:31 AM Subject: Re: [OAUTH-WG] Device profile usage Sent by: oauth-bounces@ietf.org The client is a native windows application, for instance, a document editor like MS Word. The editor can upload copies to the cloud (e.g. Amazon S3), then record the version history and notes associated with each cloud copy to our cloud service via our cloud application API (to be secured by OAuth access tokens). I think it's similar to the case with a media player application (like VLC/Windows Media Player) that sends playlist/history info to the cloud via some cloud application API. I'm just not sure which of the 4 scenarios described in the OAuth spec could fit in here... Thanks. Vincent On Wed, May 29, 2013 at 11:38 AM, Nat Sakimura <sakimura@gmail.com> wrote: A little more application and user context would help. A use case, so to speak. Nat 2013/05/29 12:04、Vincent Tsang <vincetsang@gmail.com> のメッセージ: > Hi Hannes, > > Thanks for your reply. > Actually I am new to OAuth and am simply trying to search for the best industrial practice for granting access tokens when the client to our application API is a simple windows applications, which in most cases runs on PC's with web browser installed. > Therefore the scenario doesn't quite match what is described in the document, as the user doesn't need a separate machine to perform the verification; it's just that the client application doesn't have internet browsing capability itself (in this sense it's similar to the "device" described in this document, though not quite) and so user needs to launch a separate browser application. > I ended up on this device profile spec just because it seems to match closer to our scenario when compared to the 4 cases described in the OAuth 2 spec, but it could be the case that I didn't understand it fully. > Maybe I should rephrase my question: could someone please advice what should be the best practice for granting OAuth tokens to clients which are native windows applications? > > Thanks. > Vincent > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] Device profile usage Vincent Tsang
- Re: [OAUTH-WG] Device profile usage Hannes Tschofenig
- Re: [OAUTH-WG] Device profile usage Vincent Tsang
- Re: [OAUTH-WG] Device profile usage Nat Sakimura
- Re: [OAUTH-WG] Device profile usage Vincent Tsang
- Re: [OAUTH-WG] Device profile usage Todd W Lainhart
- Re: [OAUTH-WG] Device profile usage Lewis Adam-CAL022
- Re: [OAUTH-WG] Device profile usage Justin Richer
- Re: [OAUTH-WG] Device profile usage Vincent Tsang
- Re: [OAUTH-WG] Device profile usage Justin Richer
- Re: [OAUTH-WG] Device profile usage Todd W Lainhart
- Re: [OAUTH-WG] Device profile usage Vincent Tsang