
Re: [OAUTH-WG] RSA signing and web delegation



The "Basic auth alternative" would be a single request flow with shared secret (either symmetric or asymmetric). I am not sure how the flow below applies (when compared to Basic auth).

EHL

> -----Original Message-----
> From: Brian Eaton [mailto:beaton at google.com]
> Sent: Friday, November 06, 2009 9:23 AM
> To: Eran Hammer-Lahav
> Cc: John Panzer; oauth at ietf.org
> Subject: Re: [OAUTH-WG] RSA signing and web delegation
> 
> On Thu, Nov 5, 2009 at 10:33 PM, Eran Hammer-Lahav
> <eran at hueniverse.com> wrote:
> > Do you need an RSA option for the "Basic Auth Alternative" case?
> 
> Yes.  I've been thinking of it as "role account authentication with
> OAuth", because that's the main place I see it being really useful.
> 
> Here's how I would model it:
> 
> - send an RSA-signed message to an authorization server
> - authorization server returns an access token (and possibly a secret)
> to the client
> - client uses the access token for data access
> 
> Cheers,
> Brian
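
The first two steps of the flow Brian outlines, as an added example that is not part of the original thread or of any OAuth specification: a role-account client signs a request with its RSA key, and the authorization server verifies it before issuing an access token. The `client_id|timestamp|nonce` message layout, the 300-second freshness window, the nonce file and the function names are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Illustrative sketch; message layout, time window and paths are assumptions.
set -u
WORK=$(mktemp -d)                      # private (0700) scratch directory
trap 'rm -rf "$WORK"' EXIT

# Out-of-band registration: the role account makes a key pair and the
# authorization server stores only the public half.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/client.key" 2>/dev/null
openssl pkey -in "$WORK/client.key" -pubout -out "$WORK/client.pub"

# Client, step 1: sign "client_id|timestamp|nonce" with the private key.
client_request() {                     # $1 = client_id  $2 = epoch seconds
  local msg sig
  msg="$1|$2|$(openssl rand -hex 8)"
  sig=$(printf '%s' "$msg" | openssl dgst -sha256 -sign "$WORK/client.key" \
        | openssl base64 -A)
  printf '%s %s\n' "$msg" "$sig"
}

# Authorization server, step 2: verify the signature first, then freshness and
# nonce reuse, and only then mint an opaque random access token.
as_issue_token() {                     # $1 = message  $2 = signature  $3 = now
  local msg="$1" sig="$2" now="$3" ts nonce
  printf '%s' "$sig" | openssl base64 -d -A > "$WORK/sig.bin" 2>/dev/null || :
  printf '%s' "$msg" | openssl dgst -sha256 -verify "$WORK/client.pub" \
      -signature "$WORK/sig.bin" >/dev/null 2>&1 \
      || { echo bad_signature; return 1; }
  ts=$(printf '%s' "$msg" | cut -d'|' -f2)
  nonce=$(printf '%s' "$msg" | cut -d'|' -f3)
  case "$ts" in ''|*[!0-9]*) echo malformed; return 1 ;; esac
  [ $((now - ts)) -le 300 ] && [ $((ts - now)) -le 300 ] \
      || { echo stale; return 1; }
  grep -qxF "$nonce" "$WORK/nonces" 2>/dev/null && { echo replay; return 1; }
  echo "$nonce" >> "$WORK/nonces"
  openssl rand -hex 16                 # token the client presents in step 3
}
```

The server checks the signature before parsing any field, so the timestamp and nonce it acts on are always values the registered key actually signed.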
