Trying to imagine a real world use case. For example, section 2.2, how would the public terminal know that a user device exists, let alone where?
Thanks, Marius On Mon, Oct 18, 2010 at 9:03 AM, Niklas Neumann <[email protected]> wrote: > Hello everybody, > > I am currently working on a projected related to authentication and secure > token transfer between multiple devices. As such we are employing a simple > protocol that handles token transfers independent of the actual type of > token. We have adapted the protocol to be used with OAuth tokens and > submitted it as an Internet Draft: > http://tools.ietf.org/html/draft-neumann-oauth-token-transfer > > I was wondering if there is interest in employing such a protocol in cases > where the HTTP redirection schemes of OAuth are not available or not working > well (e.g. desktop applications without access to a user agent or > authentication from a different device/application than the one accessing > the consumer). > > Compared to other proposals such as > draft-dehora-farrell-oauth-accesstoken-creds the STTP is more heavyweight > but in turn it also has more options. With regards to authentication we > didn't use SASL for complexity reasons in our work initialy but I don't see > any reason not to include it if this is deemed more appropriate. > > The work that the draft is based on is still ongoing. Please understand the > draft as no more than a discussion proposal on how OAuth could be opened to > non-web-based environments and scenarios that involve multiple devices > without overloading the OAuth specification itself. I am happy to further > improve the draft if you think this might be a viable option. > > Best regards > Niklas > > -- > Niklas Neumann - University of Goettingen, Institute of Computer Science > http://user.informatik.uni-goettingen.de/~nneuman1/ > Tel: +49 551 39-172053 > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
