Re: [OAUTH-WG] Using Oauth2 token to SOAP web services
Torsten Lodderstedt <torsten@lodderstedt.net> Wed, 28 March 2012 06:26 UTC
Return-Path: <torsten@lodderstedt.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 722DF21F8734 for <oauth@ietfa.amsl.com>; Tue, 27 Mar 2012 23:26:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.248
X-Spam-Level:
X-Spam-Status: No, score=-2.248 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c4ZeWADQvgpQ for <oauth@ietfa.amsl.com>; Tue, 27 Mar 2012 23:26:40 -0700 (PDT)
Received: from smtprelay01.ispgateway.de (smtprelay01.ispgateway.de [80.67.31.28]) by ietfa.amsl.com (Postfix) with ESMTP id 0DB1C21F8733 for <oauth@ietf.org>; Tue, 27 Mar 2012 23:26:39 -0700 (PDT)
Received: from [130.129.68.209] (helo=dhcp-44d1.meeting.ietf.org) by smtprelay01.ispgateway.de with esmtpsa (TLSv1:RC4-MD5:128) (Exim 4.68) (envelope-from <torsten@lodderstedt.net>) id 1SCmL7-0004uQ-Dl; Wed, 28 Mar 2012 08:26:37 +0200
References: <704876DE7EC20A49B6D0A5892068B0130B093AC1FD@DFW1MBX10.mex07a.mlsrvr.com> <DC4208DB-E834-401E-865F-2F5856FDA69B@oracle.com>
User-Agent: K-9 Mail for Android
In-Reply-To: <DC4208DB-E834-401E-865F-2F5856FDA69B@oracle.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----79IIXAOTZQK50AK9I13HC68PMF3NYS"
From: Torsten Lodderstedt <torsten@lodderstedt.net>
Date: Wed, 28 Mar 2012 08:26:35 +0200
To: Guang Yang <guang.g.yang@oracle.com>, Jay Thorne <jthorne@layer7tech.com>
Message-ID: <f156424f-182a-4d28-8bd6-4755909d94e3@email.android.com>
X-Df-Sender: dG9yc3RlbkBsb2RkZXJzdGVkdC1vbmxpbmUuZGU=
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Using Oauth2 token to SOAP web services
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Mar 2012 06:26:41 -0000
Hi Grant, did you consider to use the binary security token feature of WS-Security? http://schemas.xmlsoap.org/specs/ws-security/ws-security.htm#ws-security__toc6201554 We use it for some services. regards, Torsten. Guang Yang <guang.g.yang@oracle.com> schrieb: Thank you. Actually I am looking for a standard spec defines how to put the access token in soap request. I know several vendors in the industry have their solution of it but none of them is following a public standardization. So could you please do me a favor on letting me know how your product does for soap? Appreciate for your help. To the community, according recent emails back and force looks like we agree that it makes sense to have oauth enabled for soap, but nobody is giving a suggestion how to do it except using saml. I will appreciate to hear more suggestions before choosing a private way of my organization. Thanks a lot, Grant. Oracle Communications, SDP On Mar 28, 2012, at 4:38 AM, Jay Thorne <jthorne@layer7tech.com> wrote: http://www.layer7tech.com/ http://www.layer7tech.com/products/oauth-toolkit Yes, we can work with OAuth2 in SOAP context. Let me know if you want to hear more about it. -- Jay Thorne, Director of Development, Tactical Group Layer 7 Technologies t: 778 329 9974 c:604 836 7257 From: Chris Dryden Sent: Tuesday, March 27, 2012 1:04 PM To: Jay Thorne Subject: FW: [OAUTH-WG] Using Oauth2 token to SOAP web services Jay, this message was posted to the OAuth working group today. I have seen someone else asking for the same thing -- OAuth tokens in a SOAP context. This seems like our area of expertise, doesn't it? From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Grant Yang Sent: Wednesday, March 14, 2012 10:41 PM To: oauth@ietf.org Subject: [OAUTH-WG] Using Oauth2 token to SOAP web services Hi all, We were discussing the possibility to use Oauth2 token on SOAP in our product. The preferred way in mentioned in RFC is of course to put it to HTTP Authorization header, but in this case it will beyond the scope of SOAP stack and I am not sure it shall be the correct way to go. It is also recognized that there is some implementation (such as salesforce) is using some SOAP header (“sessionId”) to put this token, but it looks like a private implementation and I did not find any specification supporting it. Could any experts here illustrate any organization or forum is working on using Oauth2 token for SOAP request? As there are quite some legacy SOAP based web services, hopefully it is a question makes sense for you as well. Thoughts? Grant Yang Architect, SDP of ORACLE Communications _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] Using Oauth2 token to SOAP web services Grant Yang
- Re: [OAUTH-WG] Using Oauth2 token to SOAP web ser… Grant Yang
- Re: [OAUTH-WG] Using Oauth2 token to SOAP web ser… Hannes Tschofenig
- Re: [OAUTH-WG] Using Oauth2 token to SOAP web ser… Phil Hunt
- Re: [OAUTH-WG] Using Oauth2 token to SOAP web ser… Paul Madsen
- Re: [OAUTH-WG] Using Oauth2 token to SOAP web ser… Igor Faynberg
- Re: [OAUTH-WG] Using Oauth2 token to SOAP web ser… Guang Yang
- Re: [OAUTH-WG] Using Oauth2 token to SOAP web ser… Torsten Lodderstedt