On 27/09/13 09:33, Antonio Sanso wrote:

On Sep 26, 2013, at 2:34 PM, Sergey Beryozkin <sberyoz...@gmail.com> wrote:

On 24/09/13 13:08, Antonio Sanso wrote:
Hi *,

apologies for coming back to this argument :).

Let me try to better explain one use case that IMHO would be really good to 
have in the OAuth specification family :)

At the moment the only "OAuth standard" way I know to do OAuth server to server 
is to use [0] namely Resource Owner Password Credentials Grant.

Let me say I am not a big fan of this particular flow :) (but this is another
story).

An arguably better way to solve this scenario is to use (and why not to
standardise :S?) the method used by Google (or a variant of it), see [1].

2-way TLS and Resource Owner Password Credentials should be secure
enough, right?


Secure is secure; what I do not like about that flow, though, is the fact that the
resource owner should give the AS username/password to the client.

Sure, I agree to some extent; FYI, the integration scenarios I've been aware of (e.g., Big Query server to server with no user having to sit in front of the application, with the application design being driven from a tooling studio) would work IMHO perfectly well with RO grant due to the clients & resource owners being most likely in the same organization; working with a JSON token complicates things quite a lot in our particular case :-), obviously it is more secure on the Web at large,

Cheers, Sergey

regards

antonio

Cheers, Sergey

A couple more things:

- I do not know if Google would be interested in putting some effort into standardising
it (is anybody from Google lurking :) e.g. Tim Bray :D )
- I am not too familiar with the IETF process. Would the OAuth WG take into
consideration such a proposal draft??

Thanks and regards

Antonio

[0] http://tools.ietf.org/html/rfc6749#section-4.3
[1] https://developers.google.com/accounts/docs/OAuth2ServiceAccount
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


--
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Blog: http://sberyozkin.blogspot.com