I posted a new version of the draft on the OAuth use cases today.
Your comments are welcome.
Zachary
-Original Message-
From: IETF I-D Submission Tool [mailto:idsubmiss...@ietf.org]
Sent: Friday, February 04, 2011 4:44 PM
To: Zeltsan, Zachary (Zachary)
Cc: gffle...@aol.com; tors...@lodde
The changes in this draft are only editorial cleanup items. Review
and feedback is always welcome, however.
-- Forwarded message --
From:
Date: Fri, Feb 4, 2011 at 2:30 PM
Subject: [OAUTH-WG] I-D Action:draft-ietf-oauth-saml2-bearer-03.txt
To: i-d-annou...@ietf.org
Cc: oauth@ie
I was thinking along the lines of simply returning the HTTP Authorization
header schemes that are supported. In the OAuth 2 context that would be
WWW-Authenticate: 401 error="blah blah blah" auth_types="Bearer MAC
Basic"
The client has to be aware of the authentication scheme names.
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Open Authentication Protocol Working Group of
the IETF.
Title : SAML 2.0 Bearer Assertion Grant Type Profile for
OAuth 2.0
Author(s) : B. Campbell, C.
> -Original Message-
> From: Marius Scurtescu [mailto:mscurte...@google.com]
> Sent: Friday, February 04, 2011 9:39 AM
> >> > - schemes are not easily reusable outside OAuth.
> >>
> >> Sure. But I really don't see this group trying to create generic
> >> authentication schemes.
> >
> > M
I agree, that is still to be defined. There seems to be some push back on
discovery, but this is likely warranted. If only because web sites may have
both browser clients and app clients.
In a previous message, I did suggest the web site return HTTP 401 as below...
>> 401 Unauthorized
>> WWW-Au
I was thinking more about how the client knows what to use. The ubiquitous
"service documentation" may come into play here. Some form of service
discovery/webfinger thing could also be used.
> -Original Message-
> From: Phil Hunt [mailto:phil.h...@oracle.com]
> Sent: Friday, February
Yes. This should be defined in each token type specification.
Phil
phil.h...@oracle.com
On 2011-02-04, at 11:29 AM, William Mills wrote:
> The only challenge is to know what scheme to use and what the nuances are of
> how to present the credential.
>
>> -Original Message-
>> From: o
The only challenge is to know what scheme to use and what the nuances are of
how to present the credential.
> -Original Message-
> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
> Of Phil Hunt
> Sent: Friday, February 04, 2011 9:42 AM
> To: Marius Scurtescu
> Cc: O
Section 4.1.3 (v12) says:
The authorization server MUST:
o Validate the client credentials and ensure they match the
authorization code.
o Verify that the authorization code and redirection URI are valid
and match its stored association.
The "stored association" does not a
I vote for #1. I really do not like the downsides of #4 (promoting
bearer to preferred token type).
Minoo
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
Of Eran Hammer-Lahav
Sent: Thursday, February 03, 2011 12:34 AM
To: OAuth WG
Subject: [OAUTH-WG] Bearer token typ
OAuth should be able to support other token schemes.
Or conversely you don't have to have OAuth to use MAC, JWT, or whatever.
Phil
phil.h...@oracle.com
On 2011-02-04, at 9:39 AM, Marius Scurtescu wrote:
> On Thu, Feb 3, 2011 at 11:39 AM, Eran Hammer-Lahav
> wrote:
>> Hey Marius,
>>
>>>
On Thu, Feb 3, 2011 at 11:39 AM, Eran Hammer-Lahav wrote:
> Hey Marius,
>
>> -Original Message-
>> From: Marius Scurtescu [mailto:mscurte...@google.com]
>> Sent: Thursday, February 03, 2011 10:36 AM
>> To: Eran Hammer-Lahav
>> Cc: OAuth WG
>> Subject: Re: [OAUTH-WG] Bearer token type and s
FWIW, I agree with Brian - it should say OAuth somewhere, because it's an
OAuth token. My vote would be for OAuth2 for bearer tokens, and OAuth2Signed
for MAC tokens, for all the backward-compatibility issues with oauth_bearer,
etc.
Dirk.
On Fri, Feb 4, 2011 at 12:07 AM, Eran Hammer-Lahav wrote:
> -Original Message-
> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
> Of Brian Eaton
> Sent: Thursday, February 03, 2011 11:58 PM
> To: Manger, James H
> Cc: OAuth WG
> Subject: Re: [OAUTH-WG] Bearer token type and scheme name (deadline:
> 2/10)
>
> How do we rec