[OAUTH-WG] Device Profile
Aiden Bell <aiden449@gmail.com> Tue, 02 August 2011 22:19 UTC
To: dr@fb.com, OAuth WG <oauth@ietf.org>
Hi,

I am currently implementing the device profile described at
http://tools.ietf.org/html/draft-recordon-oauth-v2-device-00

Wanted to check this hadn't been superseded by any other document or protocol, though I did notice the Google implementation is in line with this document.

Even though the summary states this is intended for limited input devices in combination with a full user agent (PC browser, smartphone browser), we are finding this extension useful for app authentication when the API serving the app is "open". This means that many developers can create mobile apps for one API, in conjunction with single users. For example, many apps may exist for the same API, and a single user may use many apps.

As a result, we want to remove the requirement for ever entering user account-specific data (passwords etc.) into apps, and allow a user to revoke app/device access on a per-instance basis. The end-user concerns of password security are lessened here.

With OpenID or WebID in the mix, this further enhances the app/device authentication process, as in an OpenID/WebID or similar setting we can't always do resource owner password credentials (as in 1.4.3 of OAuth 2.0 http://tools.ietf.org/html/draft-ietf-oauth-v2-20 ).

Unless I am missing another document or flow that provides the above better (most likely I am), perhaps it is worth extending the scope/summary of device-00?

Also, typo in the JSON

    HTTP/1.1 200 OK
    Content-Type: application/json
    Cache-Control: no-store

    {
      "device_code":"74tq5miHKB",
      "user_code":"94248",
      "verification_uri":"http://www.example.com/device",
      "interval"=5
    }

I think should be:

    HTTP/1.1 200 OK
    Content-Type: application/json
    Cache-Control: no-store

    {
      "device_code":"74tq5miHKB",
      "user_code":"94248",
      "verification_uri":"http://www.example.com/device",
      "interval":5
    }

Thanks,
Aiden

--
------------------------------------------------------------------
Never send sensitive or private information via email unless it is encrypted.
http://www.gnupg.org
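An added example, not part of the original message or of the draft: a client-side check of the device authorization response quoted above, showing that the body as printed in the draft is rejected by a strict JSON parser while the corrected body is accepted. The function name, the header checks, the fallback interval and the type rules are assumptions made for this sketch.

```python
import json

# Constructed sample input: the headers and the two bodies quoted in the message.
HEADERS = {"Content-Type": "application/json", "Cache-Control": "no-store"}
DRAFT_BODY = ('{ "device_code":"74tq5miHKB", "user_code":"94248", '
              '"verification_uri":"http://www.example.com/device", "interval"=5 }')
FIXED_BODY = DRAFT_BODY.replace('"interval"=5', '"interval":5')

REQUIRED = ("device_code", "user_code", "verification_uri")
DEFAULT_INTERVAL = 5  # assumption: polling interval used when the field is absent


def parse_device_response(headers, body):
    """Hypothetical helper: return (fields, problems); fields is None on any problem."""
    problems = []
    hdrs = {k.lower(): v.lower() for k, v in headers.items()}
    # Assumption: require the same headers the quoted response carries.
    if not hdrs.get("content-type", "").startswith("application/json"):
        problems.append("content-type is not application/json")
    if "no-store" not in hdrs.get("cache-control", ""):
        problems.append("cache-control lacks no-store")
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        # The draft's '"interval"=5' ends up here: '=' is not a JSON name separator.
        return None, problems + [f"invalid JSON at column {exc.colno}: {exc.msg}"]
    if not isinstance(doc, dict):
        return None, problems + ["body is not a JSON object"]
    for name in REQUIRED:
        value = doc.get(name)
        if not isinstance(value, str) or not value:
            problems.append(f"missing or malformed {name}")
    interval = doc.get("interval", DEFAULT_INTERVAL)
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(interval, bool) or not isinstance(interval, int) or interval <= 0:
        problems.append("interval must be a positive integer")
    return (doc if not problems else None), problems


if __name__ == "__main__":
    for label, body in (("draft", DRAFT_BODY), ("corrected", FIXED_BODY)):
        print(label, parse_device_response(HEADERS, body))
```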