Re: [GNAP] [Txauth] Revisiting the photo sharing example (a driving use case for the creation of OAuth)
Dick Hardt <dick.hardt@gmail.com> Thu, 13 August 2020 15:41 UTC
Return-Path: <dick.hardt@gmail.com>
X-Original-To: txauth@ietfa.amsl.com
Delivered-To: txauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2FF693A0DB3 for <txauth@ietfa.amsl.com>; Thu, 13 Aug 2020 08:41:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bOt6NPeJj39D for <txauth@ietfa.amsl.com>; Thu, 13 Aug 2020 08:41:14 -0700 (PDT)
Received: from mail-lj1-x235.google.com (mail-lj1-x235.google.com [IPv6:2a00:1450:4864:20::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1CFBC3A0DAD for <txauth@ietf.org>; Thu, 13 Aug 2020 08:41:13 -0700 (PDT)
Received: by mail-lj1-x235.google.com with SMTP id t6so6672180ljk.9 for <txauth@ietf.org>; Thu, 13 Aug 2020 08:41:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=HmJYf/c+aIeBqlqULEgJDZokKVt9ckeStoctnXyH7zQ=; b=uvalEiUDD+RaDcAZck47Tb0Q4btbt3DbYCJ44r9x7Vuu5C+LZ016MQm1W06Btl3HS3 Xv+ytdQ3l+PRg5Fv5YSURXD6jtccsQ+ggUeLXlPeySeIB5RQma6SQPrMSi7xXGRmMOoN 3ggU6L0HD6O4XIM0+hyWXJuGv/QprR0aPHmfIexMVI+juZ4JA8AuZj+F3ob8DlnDzlL4 DQWr6bqnAHCFR51Qx8JKirzT4FqrlMhDNRPgRIqYnHOVEqrwXtuX8Cf0+q09uwSFpc7G ULcH9vtyR9Ip2MoV3mGGSqL+5a63rntThEIiBcyuR2D6EE7ImaSaspnKsvBbNxyM2KRR WjtQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=HmJYf/c+aIeBqlqULEgJDZokKVt9ckeStoctnXyH7zQ=; b=gYTWFXxU3ji3C0Y007mBxpOinf6o9fyp5PH9ZGMwgsPof9KcBxxuLKRhwLD1IOz/J3 s0PTpGdOSTm3wg0O/Vryzb7HUn/B2pM7k57AExoY/frr0s85pygpw/q0EJoQoGHj3uYr liVgF8a0Ztnq6uPIlhzigsvkDOtnf4mnNqOKSiD+5HNnGVVlWqAg9EMBtpsNzHW7FAvS pwq/mBJirP1eSD69JmxJQ5g4jAZCUevypKoTljLwE49FemB2pMtRVqEwYSkHIYdoh7VM uotxnIPIxMyCn5K6DjlL2Xn4M0+dIcG41jucuBsqMisxBdDz19FZmJhRhXHP/Ah4IedV 5SMA==
X-Gm-Message-State: AOAM530lYG+8qSutEYF3yrWSJpfjoU/KdUp0thqtkAHur7wi8mDfJI91 kLqHNpM267J0Rf4rVGvphpAWWcZcN86AL3GvO8A=
X-Google-Smtp-Source: ABdhPJxHGAEXogN+GtLT5e7fft/C14M9IT9NfsSIgB3x9qBy3YYd3owddsq8yGerNAu2gzEr+7v/jYp6sP0fYjQCWAA=
X-Received: by 2002:a2e:a16f:: with SMTP id u15mr2502931ljl.5.1597333271874; Thu, 13 Aug 2020 08:41:11 -0700 (PDT)
MIME-Version: 1.0
References: <c5f40413-93b8-2e8c-0a3e-14a07cd27ad0@free.fr> <ECF217AE-1D67-4EAE-AE51-531F6EE6E222@mit.edu> <583aedda-ae41-1f3e-6623-671f2197614c@free.fr> <20200804185313.GT92412@kduck.mit.edu> <CAJot-L2hykst2vFxcwLn_auDMMaw7psVwsKFHKhQp9DA49ydWg@mail.gmail.com> <A4DC7B4E-FD34-454F-9396-B971CF5D57A4@mit.edu> <CAD9ie-tKEp+PV3F4p84Zbu7Kd1dQutawnzHybt8cmg-XniLYLQ@mail.gmail.com> <CAOW4vyN4ifCXmk1XAyGK4cEfY1jTp6+AWOL-uNjEpVcp0Ku0UQ@mail.gmail.com> <CAD9ie-ugjNevqKAPWFjKqGMMpCvX6yyC=M4bs9naenJf-k9uqg@mail.gmail.com> <CAOW4vyOrXstAvc3eKbsUh+gOPT-79nevR8nT5FyKTe+aAQ1pSw@mail.gmail.com> <CAD9ie-sZbxBKuLgC3Bu+yzJATOETdto=S83B6FOmC3gFJWz1jw@mail.gmail.com> <1b4a6a43-4c57-92b4-f442-2da58a2d0d70@free.fr> <CAD9ie-s5_tOZhE57tj1b+XaqDw+D43n_wStOPSmi7cioG2Z+gw@mail.gmail.com> <6678f154-31e7-2d01-2002-f3600f589c96@free.fr> <CD0AE256-7868-4B00-9235-300CB55506BC@mit.edu> <CAM8feuS0K3OTmNY6fzYKOtZeh1_6r_+UhW3uBzT96agw56akRA@mail.gmail.com> <08DEE9CF-F828-4221-AD51-B10AA1B2E9F2@mit.edu> <CAM8feuS8xZTsTrEuumRGgOhUfSvyJshhD9z8AgH-RZb2j2oerg@mail.gmail.com>
In-Reply-To: <CAM8feuS8xZTsTrEuumRGgOhUfSvyJshhD9z8AgH-RZb2j2oerg@mail.gmail.com>
From: Dick Hardt <dick.hardt@gmail.com>
Date: Thu, 13 Aug 2020 08:40:35 -0700
Message-ID: <CAD9ie-uEDzF08RZJMwRq8B0nNYqoE-vfWCyace5GFL+cqRJMvA@mail.gmail.com>
To: Fabien Imbault <fabien.imbault@gmail.com>
Cc: Justin Richer <jricher@mit.edu>, Denis <denis.ietf@free.fr>, "txauth@ietf.org" <txauth@ietf.org>, Francis Pouatcha <fpo@adorsys.de>, Benjamin Kaduk <kaduk@mit.edu>
Content-Type: multipart/alternative; boundary="0000000000004211a305acc4223f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/txauth/fOAb7GG8yC49e33exCBax6gN4tI>
Subject: Re: [GNAP] [Txauth] Revisiting the photo sharing example (a driving use case for the creation of OAuth)
X-BeenThere: txauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <txauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/txauth>, <mailto:txauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/txauth/>
List-Post: <mailto:txauth@ietf.org>
List-Help: <mailto:txauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/txauth>, <mailto:txauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Aug 2020 15:41:16 -0000
I've often thought of front channel as an interaction visible to the user, and back channel as being between two software systems, in this case, the client and GS. Consent from the user is the front channel, independent of how the user gets to the GS, or if an app is part of the GS, or is the GS. ᐧ On Thu, Aug 13, 2020 at 8:34 AM Fabien Imbault <fabien.imbault@gmail.com> wrote: > Indeed. > > On Thu, Aug 13, 2020 at 5:33 PM Justin Richer <jricher@mit.edu> wrote: > >> A point I forgot to make below: the “front channel” isn’t going to exist >> for a lot of systems anymore, where interaction happens through an app or >> communication happens through some separate communication fabric. So there >> are cases, just like in OAuth 2, where there’s only a “back channel” and >> the other aspect of the AS never comes into play. >> >> — Justin >> >> On Aug 13, 2020, at 11:17 AM, Fabien Imbault <fabien.imbault@gmail.com> >> wrote: >> >> Without surprise, +1 to differentiate between the back-channel and the >> front-channel. >> >> On Thu, Aug 13, 2020 at 5:15 PM Justin Richer <jricher@mit.edu> wrote: >> >>> Denis, I want to focus on one point here: >>> >>> In OAuth 2.0, the user consent is performed by the AS using an authorize >>> endpoint where the user consent is solicited and captured. >>> >>> Since a user, with no prior experience, shall first connect to a RS to >>> perform an operation, the user consent shall be performed by the RS, >>> instead of the AS. This means that we should define a "consent" >>> endpoint at the RS. >>> >>> >>> One of my goals with XYZ’s design was to be able to separate the >>> interaction with the user from the web-based flows for the delegation >>> protocol, and that aspect is enshrined in the GNAP charter as well. >>> >>> It points to the reality that there are two different aspects of the >>> traditional AS that we might need to talk about separately now. One deals >>> with delegation, issuing tokens, returning data directly to the client (not >>> through a separate API, since that’s the RS), and other back-channel stuff. >>> The other aspect deals with interacting with the user and/or resource >>> owner. >>> >>> We already saw bits of this in OAuth 2: the AS is defined by the pair of >>> the token endpoint and authorization endpoint, each filling the respective >>> roles above. What if we formally separate these? Strawman names: >>> >>> >>> Delegation Server (DS) - handles the back-channel stuff >>> >>> Interaction Server (IS) - handles the front-channel stuff >>> >>> >>> — Justin >>> >>> -- >>> TXAuth mailing list >>> TXAuth@ietf.org >>> https://www.ietf.org/mailman/listinfo/txauth >>> >> >>
- [Txauth] Revisiting the photo sharing example (a … Denis
- Re: [Txauth] Revisiting the photo sharing example… Dick Hardt
- Re: [Txauth] Revisiting the photo sharing example… Justin Richer
- Re: [Txauth] Revisiting the photo sharing example… Tom Jones
- Re: [Txauth] Revisiting the photo sharing example… Denis
- Re: [Txauth] Revisiting the photo sharing example… Denis
- Re: [Txauth] Revisiting the photo sharing example… Justin Richer
- Re: [Txauth] Revisiting the photo sharing example… Dick Hardt
- Re: [Txauth] Revisiting the photo sharing example… Dick Hardt
- Re: [Txauth] Revisiting the photo sharing example… Benjamin Kaduk
- Re: [Txauth] Revisiting the photo sharing example… Warren Parad
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Fabien Imbault
- Re: [GNAP] Revisiting the photo sharing example (… Denis
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] Revisiting the photo sharing example (… Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- [GNAP] Terminology Denis
- Re: [GNAP] Terminology Fabien Imbault
- Re: [GNAP] Terminology Dick Hardt
- Re: [GNAP] Terminology Justin Richer
- Re: [GNAP] Terminology Dick Hardt
- Re: [GNAP] Terminology Francis Pouatcha
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Francis Pouatcha
- Re: [GNAP] Terminology Fabien Imbault
- Re: [GNAP] Terminology Dave Tonge
- Re: [GNAP] Terminology Tom Jones
- Re: [GNAP] Terminology Mike Jones
- Re: [GNAP] Terminology Denis
- Re: [GNAP] Terminology Dick Hardt
- Re: [GNAP] Terminology Justin Richer
- Re: [GNAP] Terminology Dick Hardt
- Re: [GNAP] Terminology Francis Pouatcha
- Re: [GNAP] Terminology Justin Richer
- Re: [GNAP] Terminology Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Francis Pouatcha
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Francis Pouatcha
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Francis Pouatcha
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Denis
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] Terminology Justin Richer
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Denis
- Re: [GNAP] Terminology Dick Hardt
- Re: [GNAP] Terminology Fabien Imbault
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] Terminology Justin Richer
- Re: [GNAP] Terminology Fabien Imbault
- Re: [GNAP] Terminology Justin Richer
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Francis Pouatcha
- Re: [GNAP] Terminology Fabien Imbault
- Re: [GNAP] Terminology Dave Tonge
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Denis
- Re: [GNAP] Terminology Fabien Imbault
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Denis
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] Terminology Denis
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Denis
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] Terminology Fabien Imbault
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Tom Jones
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Fabien Imbault
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Fabien Imbault
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Tom Jones
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Denis
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Denis
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Francis Pouatcha
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dick Hardt
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Dave Tonge
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Fabien Imbault
- Re: [GNAP] Terminology Denis
- [GNAP] User consent Denis
- [GNAP] User consent Denis
- Re: [GNAP] Terminology Fabien Imbault
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] Terminology Justin Richer
- Re: [GNAP] Terminology - into Github Issues Francis Pouatcha
- Re: [GNAP] Terminology - into Github Issues Denis
- Re: [GNAP] User consent Francis Pouatcha
- Re: [GNAP] User consent Tom Jones
- Re: [GNAP] User consent Denis
- Re: [GNAP] User consent Denis
- Re: [GNAP] User consent Francis Pouatcha
- Re: [GNAP] Terminology Tom Jones
- Re: [GNAP] Terminology - into Github Issues Fabien Imbault
- Re: [GNAP] Terminology - into Github Issues Warren Parad
- Re: [GNAP] User consent Dick Hardt
- Re: [GNAP] Terminology Dick Hardt
- Re: [GNAP] Terminology Fabien Imbault
- Re: [GNAP] User consent Fabien Imbault
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Fabien Imbault
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Justin Richer
- Re: [GNAP] [Txauth] Revisiting the photo sharing … Fabien Imbault