Re: [OAUTH-WG] Flowchart for legs of OAuth
Eran Hammer-Lahav <eran@hueniverse.com> Sat, 19 March 2011 00:19 UTC
From: Eran Hammer-Lahav <eran@hueniverse.com>
To: Phillip Hunt <phil.hunt@oracle.com>, David Primmer <primmer@google.com>
Date: Fri, 18 Mar 2011 17:20:27 -0700
Cc: OAuth WG <oauth@ietf.org>

The legs terminology is just plain awful. I prefer parties, roles, anything else.

EHL

> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> Of Phillip Hunt
> Sent: Friday, March 18, 2011 5:07 PM
> To: David Primmer
> Cc: OAuth WG
> Subject: Re: [OAUTH-WG] Flowchart for legs of OAuth
>
> I agree with what you are saying. We were having trouble understanding legs
> too, so I came up with the diagram. The diagram does show the parties
> aspect. But I remain uncomfortable about the terminology.
>
> Phil
>
> Sent from my phone.
>
> On 2011-03-18, at 15:55, David Primmer <primmer@google.com> wrote:
>
> > Hi Phil,
> >
> > I actually think this rephrasing of the rule of thumb is not really
> > helpful based on how the word "legs" has been used in my experience of
> > discussing and teaching OAuth. I actually tried to be pretty explicit
> > about this topic in a talk I did at Google I/O last year because we
> > have lots of questions about 2 versus 3 legged OAuth since the launch
> > of the Google Apps Marketplace.
> > http://www.youtube.com/watch?v=0L_dEOjhADQ. I speak about 17mins in.
> >
> > We have traditionally used the terms two legged OAuth and three legged
> > OAuth to describe the trust relationships involved in the grant. I
> > think your interpretation is very different and not a common way to
> > use the terms 'legs' in relation to OAuth and will simply confuse
> > people. 2LO involves a client authenticating itself to a server. 3LO
> > involves those two previous actors, plus a user/resource owner who
> > delegates permissions to the client. In everyday use, 2LO is 'server
> > to server' auth with out of band permissions and user identity and 3LO
> > involves an individual grant where the user's grant is identified by a
> > token given to the client and passed to the server on access. Another
> > way to look at it is 2LO is just HTTP request signing.
> >
> > davep
> >
> > On Mon, Feb 21, 2011 at 4:45 PM, Phil Hunt <phil.hunt@oracle.com> wrote:
> >> FYI. I published a blog post with a flow-chart explaining the legs of OAuth.
> >> http://independentidentity.blogspot.com/2011/02/does-oauth-have-legs.html
> >>
> >> Please let me know if any corrections should be made, or for that matter,
> >> any improvements!
> >>
> >> Phil
> >> phil.hunt@oracle.com
> >>
> >> _______________________________________________
> >> OAuth mailing list
> >> OAuth@ietf.org
> >> https://www.ietf.org/mailman/listinfo/oauth