Re: [OAUTH-WG] [WRAP] WRAP in GSMA OneAPI
Kevin Smith <mrkrcsmith@googlemail.com> Mon, 14 June 2010 11:54 UTC

Thanks for the good question Torsten - and thanks to Igor for answering it
better than I could :) . We are looking at GBA within the OneAPI group but as
you say the low deployment base may be a problem.

Best,
Kevin

On Fri, Jun 11, 2010 at 9:12 PM, Igor Faynberg
<igor.faynberg@alcatel-lucent.com> wrote:

> A good question!
>
> I suspect I know the problem here.
>
> In mobile networks users are authenticated separately and for separate
> purposes. So, one gets authenticated via MSISDN for the link layer
> connection, with IMSI--for UMTS, with IMPI--for IMS. (All of these are
> achieved by using the AKA protocol.)
>
> There is a Generic 3GPP Bootstrapping Architecture standard, which
> specifies the method for application authentication, but it has not been
> widely deployed, and--to the best of my knowledge--it is not supported by
> browsers.
>
> I do think that AKA can be used directly, with the IETF version of AKA
> digest, and we have in fact researched and found the solution for OpenID
> (http://www3.interscience.wiley.com/journal/123441615/abstract), which can
> be extended to geolocation. This would indeed allow authenticating on IMSI
> or MSISDN.
>
> Igor
>
> Torsten Lodderstedt wrote:
>
>> Hi Kevin,
>>
>> what problems do you have with pre-paid users? Is your network unable to
>> authenticate them (by IMSI or MSISDN)?
>>
>> regards,
>> Torsten.
>>
>> On 08.06.2010 18:31, Kevin Smith wrote:
>>
>>> Hi David, Blaine,
>>>
>>> We (the OneAPI group) have been looking further into OAUTH 2.0 and would
>>> like to see how it can work in a mobile network scenario: for example, a
>>> desktop Web application wants to locate a mobile user to plot their
>>> location on a map. So the client is the Web application and the server is
>>> an HTTP platform sitting on top of the mobile core network.
>>>
>>> It seems that the Web application could register a client ID and client
>>> secret with the OneAPI-implementing server. When location is requested by
>>> this client, the server would prompt the user, and if permission were
>>> received, would enable the client to access the location via an access
>>> token/secret.
>>>
>>> One difference to the regular OAUTH flow is that 'post-pay' contract
>>> network subscribers would not have to enter a username/password to
>>> identify themselves since they would be implicitly identified on the
>>> network anyway; they would just need to confirm authorisation
>>> ('Allow/Block'). We are not sure how to handle pre-pay users that buy
>>> phone credits in advance.
>>>
>>> In case either of you (or any other OAUTH expert) would be available to
>>> lead a discussion on the technology, and to answer questions from mobile
>>> operators and platform vendors, we are having a meeting next Tuesday in
>>> London. The meeting is also accessible over Webex. Please let me know if
>>> you would be willing to do so, as I'm sure it will help kick-start our
>>> implementation work.
>>>
>>> Cheers!
>>> Kevin
>>>
>>> On Thu, May 6, 2010 at 6:13 AM, David Recordon <recordond@gmail.com>
>>> wrote:
>>>
>>>     +OAuth IETF list
>>>     -WRAP list to BCC
>>>
>>>     Hi Kevin,
>>>     OAuth 2.0 should be pretty simple for you to implement and any
>>>     feedback your team has would be really appreciated! There are
>>>     already implementations in Cocoa, Python, and Ruby listed on the
>>>     wiki at http://wiki.oauth.net/OAuth-2.0 and you can find the
>>>     spec at http://tools.ietf.org/html/draft-hammer-oauth2-00.
>>>
>>>     You may also be interested in the mobile web implementation we've
>>>     built at Facebook. http://developers.facebook.com/docs/guides/mobile/
>>>
>>>     I'm also cc'ing Blaine Cook who lives in Ireland and might be
>>>     able to present.
>>>
>>>     Cheers,
>>>     --David
>>>
>>>     On Tue, May 4, 2010 at 4:20 AM, Kevin Smith, Vodafone
>>>     <mrkrcsmith@googlemail.com> wrote:
>>>
>>>         Dear OAUTH WRAP group,
>>>
>>>         My name is Kevin Smith of Vodafone R&D, and I lead a cross-mobile
>>>         operator project called OneAPI ('Open Network Enablers') [1].
>>>         The aim is to provide a RESTful API to expose network functions
>>>         such as location, messaging, payments and more to developers;
>>>         with the reckoning that this will make it far easier to mash-up
>>>         Web applications with network capabilities and reduce the time
>>>         to reach all mobile subscribers in a territory. Thus far we have
>>>         a live pilot implementation across the 3 major Canadian
>>>         operators [2] and a non-commercial test site connected to
>>>         12 European operators [3], and will be releasing v1.0
>>>         specifications backed by the OMA this month.
>>>
>>>         For the first release we did not attempt to prescribe an AAA
>>>         model to operators, instead leaving them to reuse their own SDP
>>>         AAA implementation for OneAPI. For our second phase now underway
>>>         we would like to provide a recommended reference implementation
>>>         AAA model for operators who are unsure how to allow secure API
>>>         access whilst allowing user consent and privacy to be respected.
>>>         Therefore we have discussed OAUTH as an ideal candidate that
>>>         will be well-known to Web developers.
>>>
>>>         My question regards the suitability of WRAP for such a reference
>>>         implementation: the decoupling of authentication is good sense
>>>         and would be welcomed by operators, however it appears that WRAP
>>>         is deprecated and is intended to be replaced by OAUTH 2.0 - is
>>>         that right? Please could you provide any details on the plans
>>>         for if/how the two will interoperate? If it's at all possible,
>>>         we would very much welcome a member of the group to present on
>>>         WRAP at one of our face-to-face meetings in London - if that is
>>>         of interest please let me know and I can make arrangements.
>>>
>>>         Thanks for your time and look forward to your advice.
>>>
>>>         Kind regards,
>>>         Kevin
>>>
>>>         [1] http://www.gsmworld.com/oneapi
>>>         [2] http://canada.oneapi.gsmworld.com/
>>>         [3] http://oneapi.aepona.com/
>>>
>>>         Kevin Smith
>>>         Senior Technology Strategist, R&D
>>>         Vodafone Technology
>>>
>>>         E-mail: kevin.smith@vodafone.com
>>>
>>>         --
>>>         You received this message because you are subscribed to the
>>>         Google Groups "OAuth WRAP WG" group.
>>>         To post to this group, send email to
>>>         oauth-wrap-wg@googlegroups.com.
>>>         To unsubscribe from this group, send email to
>>>         oauth-wrap-wg+unsubscribe@googlegroups.com.
>>>         For more options, visit this group at
>>>         http://groups.google.com/group/oauth-wrap-wg?hl=en.
>>>
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth