The same user could run the app on multiple computers and I want to
distinguish each running instance, so I think it's the app?
Thanks.
Vincent
On Wednesday, May 29, 2013, Todd W Lainhart wrote:
> On behalf of what will the access token be granted - the app (e.g. Word),
> or the user running the app?
>
> *
>
>
> Todd Lainhart
> Rational software
> IBM Corporation
> 550 King Street, Littleton, MA 01460-1250**
> 1-978-899-4705
> 2-276-4705 (T/L)
> lainh...@us.ibm.com <javascript:_e({}, 'cvml', 'lainh...@us.ibm.com');>*
>
>
>
>
> From: Vincent Tsang <vincets...@gmail.com <javascript:_e({},
> 'cvml', 'vincets...@gmail.com');>>
> To: Nat Sakimura <sakim...@gmail.com <javascript:_e({}, 'cvml',
> 'sakim...@gmail.com');>>,
> Cc: "oauth@ietf.org <javascript:_e({}, 'cvml', 'oauth@ietf.org');>"
> <oauth@ietf.org <javascript:_e({}, 'cvml', 'oauth@ietf.org');>>
> Date: 05/29/2013 12:31 AM
> Subject: Re: [OAUTH-WG] Device profile usage
> Sent by: oauth-boun...@ietf.org <javascript:_e({}, 'cvml',
> 'oauth-boun...@ietf.org');>
> ------------------------------
>
>
>
> The client is a native windows application, for instance, a document
> editor like MS Word.
> The editor can upload copies to the cloud (e.g. Amazon S3), then record
> the version history and notes associated with each cloud copy to our cloud
> service via our cloud application API (to be secured by OAuth access
> tokens).
> I think it's similar to the case with a media player application (like
> VLC/Windows Media Player) that sends playlist/history info to the cloud via
> some cloud application API.
> I'm just not sure which of the 4 scenarios described in the OAuth spec
> could fit in here...
>
> Thanks.
> Vincent
>
>
> On Wed, May 29, 2013 at 11:38 AM, Nat Sakimura
> <*sakim...@gmail.com*<javascript:_e({}, 'cvml', 'sakim...@gmail.com');>>
> wrote:
> A little more application and user context would help.
> A use case, so to speak.
>
> Nat
>
> 2013/05/29 12:04、Vincent Tsang <*vincets...@gmail.com* <javascript:_e({},
> 'cvml', 'vincets...@gmail.com');>> のメッセ�`ジ:
>
> > Hi Hannes,
> >
> > Thanks for your reply.
> > Actually I am new to OAuth and am simply trying to search for the best
> industrial practice for granting access tokens when the client to our
> application API is a simple windows applications, which in most cases runs
> on PC's with web browser installed.
> > Therefore the scenario doesn't quite match what is described in the
> document, as the user doesn't need a separate machine to perform the
> verification; it's just that the client application doesn't have internet
> browsing capability itself (in this sense it's similar to the "device"
> described in this document, though not quite) and so user needs to launch a
> separate browser application.
> > I ended up on this device profile spec just because it seems to match
> closer to our scenario when compared to the 4 cases described in the OAuth
> 2 spec, but it could be the case that I didn't understand it fully.
> > Maybe I should rephrase my question: could someone please advice what
> should be the best practice for granting OAuth tokens to clients which are
> native windows applications?
> >
> > Thanks.
> > Vincent
> >
> > _______________________________________________
> > OAuth mailing list
> > *OAuth@ietf.org* <javascript:_e({}, 'cvml', 'OAuth@ietf.org');>
> > *https://www.ietf.org/mailman/listinfo/oauth*<https://www.ietf.org/mailman/listinfo/oauth>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org <javascript:_e({}, 'cvml', 'OAuth@ietf.org');>
> https://www.ietf.org/mailman/listinfo/oauth
>
>
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
