Re: [OAUTH-WG] Call for adoption: OAuth 2.0 for Native Apps

Nat Sakimura <sakimura@gmail.com> Wed, 20 January 2016 20:08 UTC

Return-Path: <sakimura@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D3E3D1A87AB for <oauth@ietfa.amsl.com>; Wed, 20 Jan 2016 12:08:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QmOpRDVFGNqy for <oauth@ietfa.amsl.com>; Wed, 20 Jan 2016 12:08:55 -0800 (PST)
Received: from mail-qk0-x229.google.com (mail-qk0-x229.google.com [IPv6:2607:f8b0:400d:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 11FE11A87A1 for <oauth@ietf.org>; Wed, 20 Jan 2016 12:08:55 -0800 (PST)
Received: by mail-qk0-x229.google.com with SMTP id s68so7689640qkh.3 for <oauth@ietf.org>; Wed, 20 Jan 2016 12:08:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=TqtDQ+t3XH6fPOuKTK4DtUS7X9KHBtgdhr2VB+I08aM=; b=CdhRhu/0uu9oeog2TAMuAU5ZjtuHnoK4qJ791uIHwPylRRO/G2nJq3+OeAkD+BfP5t NykC6HF2+bK7hKUYZCCcPHwkyMl3h1s0yv34bxC1qHCTPOhkcXygtjo/dCe455xx0/qh 2lDT3kVeDFIXguZZYkva8d74eeKLHjwFvhFDJ65EubbyANPPKS4aziKnRmjFeFz37eDJ eKTpj0+7fqcUZapvHgs0AjIvdpqT4B/TPO/u1o5vaLnURpmDKrAtlnxIpAx9ubdmv4Tq B/BMyQ4+VmrHVufmCi//Feh0Hv258e0l/VLAZ/9SbCksao7sx/v3GObKOaxuUI8ZxgFt UaWA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=TqtDQ+t3XH6fPOuKTK4DtUS7X9KHBtgdhr2VB+I08aM=; b=SDXrAUxFETabh5g02DLgko0hfQteWxIyvzFhh0xtOqr5nkJM/YOIIkzeneeja3Mh72 UdJswOYShYzbDlQVM7ESmyRCZVQwY6RN7f3abIZrpXpTdn/wj+cywfoKO0bvcXck7EN6 s4HlKLBPqKp3HVAm8OseNZUHhZj0gXjF1H5fgPaFs6b4JnkQHpeszdMFY6YQntalbH2e xkIwZyHnzG5RDQSoUmQzmYzpJRdd65O8x+pQ9WPu2qKx0Z6Nln3fykr8yYiYE3K5ob8o aQSwT5TvvI/KhNTUEhixSQblWhreKAbFs7R12s21x9S0FcKXOReRVUh/90U8kr3lKPUu LuPQ==
X-Gm-Message-State: ALoCoQk1UFnRlpakK/xQpnYqq0QDlGfTTHVNSbON5FarkBzW8XmxwcM63jHx7EM4/tbN5qNFFth9g8TE5amAu2UQ8fFmGuHrZQ==
MIME-Version: 1.0
X-Received: by 10.55.15.139 with SMTP id 11mr47157664qkp.50.1453320534214; Wed, 20 Jan 2016 12:08:54 -0800 (PST)
Received: by 10.55.197.80 with HTTP; Wed, 20 Jan 2016 12:08:54 -0800 (PST)
In-Reply-To: <E0918F9D-CA19-47F7-9A87-EBBA55A0B481@ve7jtb.com>
References: <569E2231.1010107@gmx.net> <CAGBSGjpwZ929ZZHYiNpvqLvMDBrVFWaffZLQPwZn_xj7phsrpw@mail.gmail.com> <6ADAA1B5-7EF9-49EA-A3D9-6EFC57275EB9@ve7jtb.com> <CA+k3eCS1ifU+QJyFtA=gOjSneg3Vh=3bf0CjnEijKTy=-9_xsw@mail.gmail.com> <E0918F9D-CA19-47F7-9A87-EBBA55A0B481@ve7jtb.com>
Date: Thu, 21 Jan 2016 05:08:54 +0900
Message-ID: <CABzCy2BKZ-2GXrgD7FuvTSQ9DB2xYU1URDMBTpmhdG-NwMDc7A@mail.gmail.com>
From: Nat Sakimura <sakimura@gmail.com>
To: John Bradley <ve7jtb@ve7jtb.com>
Content-Type: multipart/alternative; boundary=001a1147446e2fcfdf0529c98ea0
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/z8O_UtRVHxtJLE1v850N4c5HZ9g>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Call for adoption: OAuth 2.0 for Native Apps
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Jan 2016 20:08:58 -0000

+1 for moving this forward.

2016年1月21日木曜日、John Bradley<ve7jtb@ve7jtb.com>さんは書きましたは書きました:

> Yes more is needed.   It was theoretical at that point.  Now we have
> implementation experience.
>
> On Jan 20, 2016, at 3:38 PM, Brian Campbell <bcampbell@pingidentity.com
> <javascript:_e(%7B%7D,'cvml','bcampbell@pingidentity.com');>> wrote:
>
> There is
> https://tools.ietf.org/html/draft-wdenniss-oauth-native-apps-00#appendix-A
> which has some mention of SFSafariViewController and Chrome Custom Tabs.
>
> Maybe more is needed?
>
> On Wed, Jan 20, 2016 at 10:45 AM, John Bradley <ve7jtb@ve7jtb.com
> <javascript:_e(%7B%7D,'cvml','ve7jtb@ve7jtb.com');>> wrote:
>
>> Yes, in July we recommended using the system browser rather than
>> WebViews.
>>
>> About that time Apple announced Safari view controller and Google Chrome
>> custom tabs.   The code in the OS is now stable and we have done a fair
>> amount of testing.
>>
>> The OIDF will shortly be publishing reference libraries for iOS and
>> Android to how how to best use View Controllers, and PKCE in native apps on
>> those platforms.
>>
>> We do need to update this doc to reflect what we have learned in the last
>> 6 months.
>>
>> One problem we do still have is not having someone with Win 10 mobile
>> experience to help document the best practices for that platform.
>> I don’t understand that platform well enough yet to include anything.
>>
>> John B.
>>
>> On Jan 20, 2016, at 12:40 PM, Aaron Parecki <aaron@parecki.com
>> <javascript:_e(%7B%7D,'cvml','aaron@parecki.com');>> wrote:
>>
>> The section on embedded web views doesn't mention the new iOS 9
>> SFSafariViewController which allows apps to display a system browser within
>> the application. The new API doesn't give the calling application access to
>> anything inside the browser, so it is acceptable for using with OAuth
>> flows. I think it's important to mention this new capability for apps to
>> leverage since it leads to a better user experience.
>>
>> I'm sure that can be addressed in the coming months if this document is
>> just the starting point.
>>
>> I definitely agree that a document about native apps is necessary since
>> the core leaves a lot of guessing room for an implementation.
>>
>> For reference,
>> https://developer.apple.com/library/prerelease/ios/releasenotes/General/WhatsNewIniOS/Articles/iOS9.html#//apple_ref/doc/uid/TP40016198-DontLinkElementID_26
>>
>> And see the attached screenshot for an example of what it looks like.
>>
>> <embedded-oauth-view.png>
>>
>> ----
>> Aaron Parecki
>> aaronparecki.com
>> @aaronpk <http://twitter.com/aaronpk>
>>
>>
>> On Tue, Jan 19, 2016 at 3:46 AM, Hannes Tschofenig <
>> hannes.tschofenig@gmx.net
>> <javascript:_e(%7B%7D,'cvml','hannes.tschofenig@gmx.net');>> wrote:
>>
>>> Hi all,
>>>
>>> this is the call for adoption of OAuth 2.0 for Native Apps, see
>>> http://datatracker.ietf.org/doc/draft-wdenniss-oauth-native-apps/
>>>
>>> Please let us know by Feb 2nd whether you accept / object to the
>>> adoption of this document as a starting point for work in the OAuth
>>> working group.
>>>
>>> Note: If you already stated your opinion at the IETF meeting in Yokohama
>>> then you don't need to re-state your opinion, if you want.
>>>
>>> The feedback at the Yokohama IETF meeting was the following: 16 persons
>>> for doing the work / 0 persons against / 2 persons need more info
>>>
>>> Ciao
>>> Hannes & Derek
>>>
>>>
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org <javascript:_e(%7B%7D,'cvml','OAuth@ietf.org');>
>>> https://www.ietf.org/mailman/listinfo/oauth
>>>
>>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org <javascript:_e(%7B%7D,'cvml','OAuth@ietf.org');>
>> https://www.ietf.org/mailman/listinfo/oauth
>>
>>
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org <javascript:_e(%7B%7D,'cvml','OAuth@ietf.org');>
>> https://www.ietf.org/mailman/listinfo/oauth
>>
>>
>
>

-- 
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en