[OAUTH-WG] Chain Grant Type for OAuth 2 spec
David Robinson <drobin1437@gmail.com> Mon, 04 April 2011 20:56 UTC
Phil,

I read through the Chain Grant Type for OAuth 2 draft and appreciate the problem you are addressing. We encountered the same issue when using OpenSocial gadgets with OAuth when data needs to come from more than one server. It is not user friendly to prompt an end user to log into multiple servers, and a robust chaining model can help.

You indicate a domain is all resource servers that share a common OAuth token service (Section 2). Is a token service actually an "authorization server" per v13 of the base OAuth 2 spec, or are you referring to something else?

In Section 2.2, first two bullets, is the implication that "OAuth token services" are performing identity federation? The spec states the method used to do this is in companion OAuth token specifications, but it isn't clear to me which token specification addresses identity federation. Which token specs/sections are you referring to as an example?