[OAUTH-WG] Token Transfer Protocol
Niklas Neumann <niklas.neumann@cs.uni-goettingen.de> Mon, 18 October 2010 16:01 UTC
Return-Path: <niklas.neumann@cs.uni-goettingen.de>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 33EE73A6DE3 for <oauth@core3.amsl.com>; Mon, 18 Oct 2010 09:01:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.249
X-Spam-Level:
X-Spam-Status: No, score=-2.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yeb9+ylO6TWo for <oauth@core3.amsl.com>; Mon, 18 Oct 2010 09:01:46 -0700 (PDT)
Received: from mailer.gwdg.de (mailer.gwdg.de [134.76.10.26]) by core3.amsl.com (Postfix) with ESMTP id 85EA83A6E12 for <oauth@ietf.org>; Mon, 18 Oct 2010 09:01:40 -0700 (PDT)
Received: from s5.ifi.informatik.uni-goettingen.de ([134.76.81.25] helo=[172.23.0.5]) by mailer.gwdg.de with esmtps (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <niklas.neumann@cs.uni-goettingen.de>) id 1P7sB2-0004z5-QX for oauth@ietf.org; Mon, 18 Oct 2010 18:03:08 +0200
Message-ID: <4CBC6FC0.5040708@cs.uni-goettingen.de>
Date: Mon, 18 Oct 2010 18:03:12 +0200
From: Niklas Neumann <niklas.neumann@cs.uni-goettingen.de>
Organization: University of Goettingen
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.12) Gecko/20100915 Thunderbird/3.0.8
MIME-Version: 1.0
To: oauth@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: (clean) by exiscan+sophie
Subject: [OAUTH-WG] Token Transfer Protocol
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Oct 2010 16:01:46 -0000
Hello everybody, I am currently working on a projected related to authentication and secure token transfer between multiple devices. As such we are employing a simple protocol that handles token transfers independent of the actual type of token. We have adapted the protocol to be used with OAuth tokens and submitted it as an Internet Draft: http://tools.ietf.org/html/draft-neumann-oauth-token-transfer I was wondering if there is interest in employing such a protocol in cases where the HTTP redirection schemes of OAuth are not available or not working well (e.g. desktop applications without access to a user agent or authentication from a different device/application than the one accessing the consumer). Compared to other proposals such as draft-dehora-farrell-oauth-accesstoken-creds the STTP is more heavyweight but in turn it also has more options. With regards to authentication we didn't use SASL for complexity reasons in our work initialy but I don't see any reason not to include it if this is deemed more appropriate. The work that the draft is based on is still ongoing. Please understand the draft as no more than a discussion proposal on how OAuth could be opened to non-web-based environments and scenarios that involve multiple devices without overloading the OAuth specification itself. I am happy to further improve the draft if you think this might be a viable option. Best regards Niklas -- Niklas Neumann - University of Goettingen, Institute of Computer Science http://user.informatik.uni-goettingen.de/~nneuman1/ Tel: +49 551 39-172053
- [OAUTH-WG] Token Transfer Protocol Niklas Neumann
- Re: [OAUTH-WG] Token Transfer Protocol Justin Richer
- Re: [OAUTH-WG] Token Transfer Protocol Igor Faynberg
- Re: [OAUTH-WG] Token Transfer Protocol Marius Scurtescu
- Re: [OAUTH-WG] Token Transfer Protocol Niklas Neumann
- Re: [OAUTH-WG] Token Transfer Protocol George Fletcher
- Re: [OAUTH-WG] Token Transfer Protocol Niklas Neumann