oidc-deploy - a start, OAuth2 use cases, thoughts on addressing each
Subject: OIDC Deployment Working Group
- From: Steven Carmody <>
- To:
- Subject: a start, OAuth2 use cases, thoughts on addressing each
- Date: Thu, 9 Aug 2018 11:42:34 -0400
Hi,
On last week's call, Alan, Roland, and I volunteered to identify the most common OAuth2 use cases currently in place on campuses; step 2 was to identify best practice for addressing each; step 3 would be to see how much of the required support is already available in the Shibboleth-GEANT-Finnish OIDC work.
We had an email conversation, but it quickly became clear that this would benefit from participation by the broader group.
I've created a new Google doc:
https://docs.google.com/document/d/15G_YRWisEa-5Kj5gU_D-i4MLMh-IJWl0Q5CAsqSy4ag/edit?usp=sharing
Everyone should be able to edit that doc. It includes large portions of the email that Alan and I exchanged.
I'm on the way out the door to a family wedding (this won't be anywhere near as much fun as our daughter's wedding in Dublin this past June -- that was five days of parties!), but fun nonetheless!
As you'll quickly see, this doc needs a lot of editing. More than that, it needs people with more OAuth2 knowledge than me working on it. I'm also not completely sure whether I may be operating with out-of-date assumptions. For instance, a couple of years ago most Native Apps were using OAuth2 to authenticate users -- is that still true? The current recommendation for Native Apps seems to be to use "Authorization Code Grant Type with PKCE (Proof Key for Code Exchange)" -- do apps really use that?
The doc also leaves too many open questions hanging ... again, here's hoping that people with more knowledge and more current knowledge can improve the doc.
Here's hoping people have a chance to review this, mark it up, improve it, and perhaps discuss it on the next call. Unfortunately, I'll miss the next call. Sorry.