Sent from my iPhone

> On Jun 29, 2017, at 4:00, [email protected] wrote:
> 
> Send OAuth mailing list submissions to
>    [email protected]
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>    https://www.ietf.org/mailman/listinfo/oauth
> or, via email, send a message with subject or body 'help' to
>    [email protected]
> 
> You can reach the person managing the list at
>    [email protected]
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of OAuth digest..."
> 
> 
> Today's Topics:
> 
>   1. Re: WGLC draft-ietf-oauth-device-flow-06 (Rifaat Shekh-Yusef)
>   2. Re: WGLC draft-ietf-oauth-device-flow-06 (Justin Richer)
>   3. Re: WGLC draft-ietf-oauth-device-flow-06 (Rifaat Shekh-Yusef)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Wed, 28 Jun 2017 08:27:01 -0400
> From: Rifaat Shekh-Yusef <[email protected]>
> To: oauth <[email protected]>
> Subject: Re: [OAUTH-WG] WGLC draft-ietf-oauth-device-flow-06
> Message-ID:
>    <cagl6epjv_ymy5cne5fjhyoxryprcfs3hpl6-dg2wwzmy-cu...@mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
> 
> Hi (as individual),
> 
> I have reviewed the Device Flow document, and I have a question about the
> polling part.
> The current draft is calling for the Device Client to poll the AS for a
> token (steps E & F of Figure 1).
> 
> Presumably, the process started with the user pushing some button on the
> Device Client to initiate the process.
> One way to avoid the need for polling is for the Device Access Token
> Request to be sent to the AS only after the user for example pushed that
> same button again.
> This would allow the user to perform steps C and D to authorize the device,
> and then push the button again to get the token.
> 
> Thoughts?
> 
> Regards,
> Rifaat
> 
> 
> On Thu, Jun 1, 2017 at 8:32 AM, Rifaat Shekh-Yusef <[email protected]>
> wrote:
> 
>> All,
>> 
>> We are starting a WGLC on the Device Flow document:
>> https://tools.ietf.org/html/draft-ietf-oauth-device-flow-06
>> 
>> Please, review the document and provide feedback on any issues you see
>> with the document.
>> 
>> The WGLC will end in two weeks, on June 16, 2017.
>> 
>> Regards,
>> Rifaat and Hannes
>> 
> 
> ------------------------------
> 
> Message: 2
> Date: Wed, 28 Jun 2017 11:33:28 -0400
> From: Justin Richer <[email protected]>
> To: Rifaat Shekh-Yusef <[email protected]>
> Cc: "<[email protected]>" <[email protected]>
> Subject: Re: [OAUTH-WG] WGLC draft-ietf-oauth-device-flow-06
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset="utf-8"
> 
> This is functionally equivalent to polling, as far as the spec is concerned.
> Instead of it being a timeout-based poll, it's an interaction-based poll.
> Either way, the device makes a new HTTP request to the AS to see if the
> device code is good or not, and either option is possible at that point as
> far as the device knows -- the user could go mash buttons as fast as possible
> without ever entering the user code.
>
> In practice, this isn't very likely to happen, as it requires additional
> steps for the user and makes for a more clunky experience. If anything, we
> might see it as an optimization in some environments for some clients. In any
> event, it's not any different from the spec's perspective.
>
> -- Justin
> 
>> On Jun 28, 2017, at 8:27 AM, Rifaat Shekh-Yusef <[email protected]> 
>> wrote:
>> 
>> Hi (as individual),
>> 
>> I have reviewed the Device Flow document, and I have a question about the 
>> polling part.
>> The current draft is calling for the Device Client to poll the AS for a 
>> token (steps E & F of Figure 1).
>> 
>> Presumably, the process started with the user pushing some button on the 
>> Device Client to initiate the process.
>> One way to avoid the need for polling is for the Device Access Token Request 
>> to be sent to the AS only after the user for example pushed that same button 
>> again.
>> This would allow the user to perform steps C and D to authorize the device, 
>> and then push the button again to get the token.
>> 
>> Thoughts?
>> 
>> Regards,
>> Rifaat
>> 
>> 
>> On Thu, Jun 1, 2017 at 8:32 AM, Rifaat Shekh-Yusef <[email protected]> wrote:
>> All,
>> 
>> We are starting a WGLC on the Device Flow document:
>> https://tools.ietf.org/html/draft-ietf-oauth-device-flow-06
>> 
>> Please, review the document and provide feedback on any issues you see with 
>> the document.
>> 
>> The WGLC will end in two weeks, on June 16, 2017.
>> 
>> Regards,
>> Rifaat and Hannes
>> 
>> _______________________________________________
>> OAuth mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/oauth
> 
> 
> ------------------------------
> 
> Message: 3
> Date: Wed, 28 Jun 2017 14:35:33 -0400
> From: Rifaat Shekh-Yusef <[email protected]>
> To: Justin Richer <[email protected]>
> Cc: "<[email protected]>" <[email protected]>
> Subject: Re: [OAUTH-WG] WGLC draft-ietf-oauth-device-flow-06
> Message-ID:
>    <CAGL6epLPXRA=31WhV=jU3FAXQKhY99=rsxpg2hmkfezqwe+...@mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
> 
>> On Wed, Jun 28, 2017 at 11:33 AM, Justin Richer <[email protected]> wrote:
>> 
>> This is functionally equivalent to polling, as far as the spec is
>> concerned. Instead of it being a timeout-based poll, it's an
>> interaction-based poll. Either way, the device makes a new HTTP request to
>> the AS to see if the device code is good or not, and either option is
>> possible at that point as far as the device knows -- the user could go mash
>> buttons as fast as possible without ever entering the user code.
>> 
>> 
> You are correct that this does not change the communication model, but if
> there is a large number of devices being configured at the same time, then
> the polling as it is defined in the document unnecessarily overloads the AS
> whether the user is doing anything or not.
> 
> 
> 
>> In practice, this isn't very likely to happen, as it requires additional
>> steps for the user and
>> 
> 
> It requires one more step (not steps), which is the user pushing the button
> one more time after the user is done with authenticating and authorizing
> the device; do you see any other steps needed here?
> 
> 
> 
>> makes for a more clunky experience.
>> 
> 
> I guess this is subjective, but why do you think it is clunky?
> 
> Regards,
> Rifaat
> 
> 
> 
> 
>> If anything, we might see it as an optimization in some environments for
>> some clients. In any event, it's not any different from the spec's
>> perspective.
>>
>> -- Justin
>> 
>> On Jun 28, 2017, at 8:27 AM, Rifaat Shekh-Yusef <[email protected]>
>> wrote:
>> 
>> Hi (as individual),
>> 
>> I have reviewed the Device Flow document, and I have a question about the
>> polling part.
>> The current draft is calling for the Device Client to poll the AS for a
>> token (steps E & F of Figure 1).
>> 
>> Presumably, the process started with the user pushing some button on the
>> Device Client to initiate the process.
>> One way to avoid the need for polling is for the Device Access Token
>> Request to be sent to the AS only after the user for example pushed that
>> same button again.
>> This would allow the user to perform steps C and D to authorize the
>> device, and then push the button again to get the token.
>> 
>> Thoughts?
>> 
>> Regards,
>> Rifaat
>> 
>> 
>> On Thu, Jun 1, 2017 at 8:32 AM, Rifaat Shekh-Yusef <[email protected]>
>> wrote:
>> 
>>> All,
>>> 
>>> We are starting a WGLC on the Device Flow document:
>>> https://tools.ietf.org/html/draft-ietf-oauth-device-flow-06
>>> 
>>> Please, review the document and provide feedback on any issues you see
>>> with the document.
>>> 
>>> The WGLC will end in two weeks, on June 16, 2017.
>>> 
>>> Regards,
>>> Rifaat and Hannes
>>> 
>> 
>> 
>> 
>> 
> 
> ------------------------------
> 
> 
> End of OAuth Digest, Vol 104, Issue 30
> **************************************
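
Added example, not part of the thread or of the draft: a minimal authorization-server model in which a timer-based poll and a button-triggered request hit the same token endpoint, and a per-device-code minimum interval bounds the load in both cases. Error codes are those of RFC 8628 (the published form of this draft); the class and function names, the device code, and the timestamps are constructed for illustration.

```python
# Added example (not from the thread); names are hypothetical, error codes per RFC 8628.
import secrets
from dataclasses import dataclass

@dataclass
class Grant:
    interval: int                       # minimum seconds between polls
    expires_at: int
    approved: bool = False
    last_poll: float = float("-inf")    # no poll seen yet

class TokenEndpoint:
    def __init__(self, interval=5, lifetime=600):
        self.interval, self.lifetime = interval, lifetime
        self.grants = {}
        self.lookups = 0                # polls that reached the grant-state check

    def issue(self, device_code, now):
        self.grants[device_code] = Grant(self.interval, now + self.lifetime)

    def poll(self, device_code, now):
        g = self.grants.get(device_code)
        if g is None:
            return {"error": "invalid_grant"}
        if now >= g.expires_at:
            return {"error": "expired_token"}
        too_fast = now - g.last_poll < g.interval
        g.last_poll = now
        if too_fast:                    # rejected before any grant-state work
            g.interval += 5             # assumption: AS mirrors the client's +5 s back-off
            return {"error": "slow_down"}
        self.lookups += 1
        if not g.approved:
            return {"error": "authorization_pending"}
        del self.grants[device_code]    # a device code is single use
        return {"access_token": secrets.token_urlsafe(16), "token_type": "Bearer"}

def simulate(poll_times, approve_at, code="dc-constructed"):
    """Replay constructed poll timestamps (s); the user approves at approve_at."""
    asrv, outcomes = TokenEndpoint(), []
    asrv.issue(code, now=0)
    for t in poll_times:
        if t >= approve_at and code in asrv.grants:
            asrv.grants[code].approved = True
        r = asrv.poll(code, t)
        outcomes.append(r.get("error", "token"))
        if "access_token" in r:
            break
    return outcomes, asrv.lookups
```

`simulate(range(5, 65, 5), 30)` models the timer-based client, `simulate([45], 30)` a single button press after approval, and `simulate(range(1, 61), 30)` a button pressed once per second.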
