Re: [OAUTH-WG] Use cases for Audience Restricted tokens + AS and RS "discovery"

Thomas Broyer <t.broyer@gmail.com> Fri, 18 March 2016 07:09 UTC

References: <56EAEB54.8010208@aol.com>
In-Reply-To: <56EAEB54.8010208@aol.com>
From: Thomas Broyer <t.broyer@gmail.com>
Date: Fri, 18 Mar 2016 07:09:38 +0000
Message-ID: <CAEayHEO9b+AQ4bT0Zjy4UvqE9qv6Yv1QivjLZiWe=cuNMppGuA@mail.gmail.com>
To: George Fletcher <gffletch@aol.com>, "oauth@ietf.org" <oauth@ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/xwNN15Qz8WF9D4iQ1c2Cs0sm2EA>

Note that goal #2 is already taken care of by introspection (the endpoint
varying its response depending on the authenticated client/RS), so maybe it
should be refined here.

On Thu., 17 Mar 2016 18:44, George Fletcher <gffletch@aol.com> wrote:

> Goals:
>
> 1. Help the client not send a token to the "wrong" endpoint
>     a. wrong AS /token endpoint
>     b. evil RS endpoint(s)
> 2. Allow good RS to determine if the token being validated was intended
> for that RS
>
> Other high-level goals?
>
> Use cases:
>
> 1. RS that supports multiple AS (we've had this in production since 2011)
> 2. RS rejects token not issued for use at the RS
> 3. Client that dynamically supports new RS (say any client that supports
> the jabber API)
> 4. Client that dynamically supports new AS
>
> Feel free to add to the list :)
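The point Thomas makes above (an introspection endpoint whose answer depends on which authenticated RS is asking, which covers George's goal 2), as an added example that is not code from the thread or from any OAuth implementation: a Python sketch of an RFC 7662-style endpoint plus the RS-side check. The token values, RS credentials and audience URIs are constructed, and the policy of answering a non-audience RS with a bare `{"active": false}` is an assumption.

```python
"""Toy RFC 7662-style introspection endpoint whose answer depends on which
resource server (RS) is asking. Added example; the token store, RS
credentials and audience URIs below are constructed, not from the thread."""
import hmac

# Constructed sample tokens; each records the audience(s) it was issued for.
TOKENS = {
    "tok-photos-1": {"active": True, "aud": ["https://photos.example/"], "scope": "read"},
    "tok-mail-1":   {"active": True, "aud": ["https://mail.example/"], "scope": "read"},
    "tok-multi-1":  {"active": True, "aud": ["https://photos.example/", "https://mail.example/"], "scope": "read"},
    "tok-revoked":  {"active": False, "aud": ["https://photos.example/"], "scope": "read"},
}

# Constructed RS credentials: the endpoint authenticates the caller and
# maps it to the audience identifier it serves.
RS_CLIENTS = {
    "photos-rs": ("photos-secret", "https://photos.example/"),
    "mail-rs":   ("mail-secret", "https://mail.example/"),
}

def introspect(token: str, rs_id: str, rs_secret: str) -> dict:
    """Answer an introspection request from the authenticated RS `rs_id`.

    Assumed policy: a token is reported active only to an RS named in its
    audience; any other RS gets the same minimal {"active": false} answer
    as for an unknown token, so it learns nothing about others' tokens."""
    cred = RS_CLIENTS.get(rs_id)
    if cred is None or not hmac.compare_digest(cred[0].encode(), rs_secret.encode()):
        raise PermissionError("RS authentication failed")  # HTTP 401 in practice
    rs_audience = cred[1]
    rec = TOKENS.get(token)
    if rec is None or not rec["active"] or rs_audience not in rec["aud"]:
        return {"active": False}
    return {"active": True, "aud": list(rec["aud"]), "scope": rec["scope"]}

def rs_accepts(token: str, rs_id: str, rs_secret: str) -> bool:
    """RS-side decision: accept only if introspection says active and the
    returned aud names this RS (a second check that costs nothing)."""
    answer = introspect(token, rs_id, rs_secret)
    return bool(answer.get("active")) and RS_CLIENTS[rs_id][1] in answer.get("aud", [])

def auth_fails(token: str, rs_id: str, rs_secret: str) -> bool:
    """True if the endpoint refuses to answer because the RS failed to authenticate."""
    try:
        introspect(token, rs_id, rs_secret)
    except PermissionError:
        return True
    return False
```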