Re: [ogpx] Context for Service Establishment in OGP
"Hurliman, John" <john.hurliman@intel.com> Wed, 03 June 2009 00:21 UTC
From: "Hurliman, John" <john.hurliman@intel.com>
To: Infinity Linden <infinity@lindenlab.com>,
Christian Scholz <cs@comlounge.net>
Date: Tue, 2 Jun 2009 18:20:25 -0600
Cc: "ogpx@ietf.org" <ogpx@ietf.org>
Subject: Re: [ogpx] Context for Service Establishment in OGP

And just for context, the Cable Beach architecture doesn't replace CAPS entirely either. One or more capabilities are returned alongside the final access token, so the access token becomes junk data (since the consumer has already received what they came for). In my opinion, the access token in OAuth is just one common token system for implementations to use. It goes to great lengths to support other systems, and you don't get better integration with existing services or a medal for sticking "closer to the intention of the spec" if you use the default OAuth request token instead of capabilities.

John

> -----Original Message-----
> From: ogpx-bounces@ietf.org [mailto:ogpx-bounces@ietf.org] On Behalf
> Of Infinity Linden
> Sent: Tuesday, June 02, 2009 2:52 PM
> To: Christian Scholz
> Cc: ogpx@ietf.org
> Subject: Re: [ogpx] Context for Service Establishment in OGP
>
> hey tao. i'll be in stockholm too.
>
> as for OAuth... i think right now we're looking at just service
> establishment, and i think the main use case is for an agent domain to
> use a remote service that already has OAuth enabled (perhaps something
> like Zha's AD pointing towards OpenSim instances with a cable beach
> asset backend.) it is NOT a complete re-imagining of the protocol to
> abandon caps and replace them with OpenID/OAuth/XRDS.
>
> -cheers
> -m
>
> On Tue, Jun 2, 2009 at 12:22 PM, Christian Scholz <cs@comlounge.net>
> wrote:
>> Hi!
>>
>> First of all great to see some action again :-)
>>
>> And who is actually coming to Stockholm?
>>
>>> i've been talking with John Hurliman about OAuth and David Lavine
>>> regarding X.509, and at some point it made sense to abstract the three
>>> different authentication / authorization schemes into a single
>>> "service establishment pattern." The message I just sent out really
>>> describes only the mechanism (and only enough mechanism to understand
>>> the concept.) over the next couple of weeks, i'd like to add some more
>>> detail to this and integrate it into the OGP : Authentication
>>> document. So feedback will definitely be welcomed.
>>>
>>> to recap:
>>>
>>> * there are three different types of authentication / authorization:
>>>   password, X.509 and OAuth
>>> * password auth is appropriate for user -> server authentication
>>> * X.509 is appropriate for server <-> server authentication, and
>>> * OAuth is appropriate for server -> distant peer (whom you may not
>>>   have an explicit trust relationship with.)
>>> * in all cases, you start with an authenticator (a password, a
>>>   certificate or a token) and by presenting it to a server at a well
>>>   defined service establishment URL, you'll get a seed cap back
>>> * with that seed cap, you can request those specific capabilities
>>>   you require
>>
>> I personally would prefer it more if OAuth would replace those caps
>> (as you probably know). Are there any plans to do more than just the
>> initial step? Also what problem we are trying to solve here? What is an
>> example use case? I think that would help me to understand the context
>> even more :-)
>>
>>
>> -- Christian
>>
>>
>> --
>> COM.lounge GmbH
>> http://comlounge.net
>> Hanbrucher Strasse 33, 52064 Aachen
>> Amtsgericht Aachen HRB 15170
>> Geschäftsführer: Dr. Ben Scheffler, Christian Scholz
>>
>> email: info@comlounge.net
>> fon: +49-241-4007300
>> fax: +49-241-97900850
>>
>> personal email: cs@comlounge.net
>> personal blog: http://mrtopf.de/blog
>> personal podcasts: http://openweb-podcast.de, http://datawithoutborders.net
>>
>>
> _______________________________________________
> ogpx mailing list
> ogpx@ietf.org
> https://www.ietf.org/mailman/listinfo/ogpx
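
The service-establishment pattern recapped in the quoted message above (authenticator in, seed cap out, then specific capabilities on request), as an added Python sketch that is not part of the thread or of any OGP or Cable Beach implementation. The host name, capability names, credentials and the `AgentDomain` class are all hypothetical; only password and OAuth-token authenticators are modelled, and an X.509 verifier would plug into the same table.

```python
import hmac
import secrets

BASE = "https://ad.example/cap/"  # hypothetical host, not from the thread

class AgentDomain:
    """Toy service-establishment endpoint: authenticator in, seed cap out."""
    def __init__(self, verifiers, policy):
        self.verifiers = verifiers  # kind -> callable(credential) -> agent id or None
        self.policy = policy        # agent id -> capability names it may be granted
        self.caps = {}              # cap URL -> (agent id, capability name)

    def _mint(self, agent, name):
        url = BASE + secrets.token_urlsafe(32)  # unguessable: holding the URL is the authority
        self.caps[url] = (agent, name)
        return url

    def establish(self, kind, credential):
        # Present a password, certificate or token; get a seed cap back.
        verify = self.verifiers.get(kind)
        agent = verify(credential) if verify else None
        if agent is None:
            raise PermissionError("authenticator rejected")
        return self._mint(agent, "seed")

    def request_caps(self, seed_url, wanted):
        # Exchange a seed cap for only the requested capabilities policy allows.
        agent, name = self.caps.get(seed_url, (None, None))
        if name != "seed":
            raise PermissionError("not a seed cap")
        allowed = self.policy.get(agent, set())
        return {w: self._mint(agent, w) for w in wanted if w in allowed}

def check_password(cred):
    user, pw = cred
    stored = {"alice": "correct horse"}  # constructed; a real service keeps a password hash
    ok = user in stored and hmac.compare_digest(stored[user].encode(), pw.encode())
    return user if ok else None

def check_token(tok):
    return {"tok-123": "peer-sim"}.get(tok)  # constructed stand-in for OAuth token validation

def demo():
    ad = AgentDomain({"password": check_password, "oauth": check_token},
                     {"alice": {"inventory", "rez_avatar"}, "peer-sim": {"asset_fetch"}})
    seed = ad.establish("password", ("alice", "correct horse"))
    return ad, seed, ad.request_caps(seed, ["inventory", "asset_fetch"])
```

Whichever authenticator is presented, the caller ends up holding the same kind of object, an unguessable capability URL scoped by policy, so the original credential is not needed again after establishment.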