Re: [OAUTH-WG] Initial OAuth working group Device Flow specification

William Denniss <wdenniss@google.com> Thu, 18 February 2016 17:29 UTC

To: Aaron Parecki <aaron@parecki.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/yzT3OpvjEQ4osNOux61gSn59fSM>
Cc: "oauth@ietf.org" <oauth@ietf.org>

Thanks for your feedback, you make some very good points.

Currently this draft was just resurrecting the previous draft and we've yet
to do a pass on it based on our actual implementation experience.  I'll
make sure to address your points when we do.

I agree that entering the code is NOT equivalent to granting authorization!
That's not how we implemented it.

On Thu, Feb 18, 2016 at 8:51 AM, Aaron Parecki <aaron@parecki.com> wrote:

> I had previously made some comments on this back in November, but never
> heard any response. These were things I ran into while implementing the
> device flow on one of my servers.
>
> https://mailarchive.ietf.org/arch/msg/oauth/JzH-isRij9kCpbEJpXVqwZ6XjjU
>
> https://mailarchive.ietf.org/arch/msg/oauth/XQJ4e_kgBOfn3tkTBXf6bYVNGJE
>
> ----
> Aaron Parecki
> aaronparecki.com
> @aaronpk <http://twitter.com/aaronpk>
>
>
> On Thu, Feb 18, 2016 at 12:34 AM, Mike Jones <Michael.Jones@microsoft.com>
> wrote:
>
>> Thanks to William Denniss for creating the initial working group version
>> of the OAuth 2.0 Device Flow specification.  The abstract of the
>> specification is:
>>
>>
>>
>> The device flow is suitable for OAuth 2.0 clients executing on devices
>> which do not have an easy data-entry method (e.g., game consoles, TVs,
>> picture frames, and media hubs), but where the end-user has separate access
>> to a user-agent on another computer or device (e.g., desktop computer, a
>> laptop, a smart phone, or a tablet).
>>
>>
>>
>> Note: This version of the document is a continuation of an earlier, long
>> expired draft.  The content of the expired draft has been copied almost
>> unmodified.  The goal of the work on this document is to capture deployment
>> experience.
>>
>>
>>
>> If you’re using an OAuth device flow, please let us know whether this
>> specification matches your usage, and if not, how yours differs.
>>
>>
>>
>> The specification is available at:
>>
>> ·       http://tools.ietf.org/html/draft-ietf-oauth-device-flow-00
>>
>>
>>
>> An HTML-formatted version is also available at:
>>
>> ·       http://self-issued.info/docs/draft-ietf-oauth-device-flow-00.html
>>
>>
>>
>>                                                           -- Mike
>>
>>
>>
>> P.S.  This notice was also posted at http://self-issued.info/?p=1546 and
>> as @selfissued <https://twitter.com/selfissued>.
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth