On 4/2/2023 2:49 PM, Warren Parad wrote:
But why these scopes?
Separate read and write scopes for the three pieces of a groupware
service seemed appropriate. And separating the three pieces of
groupware seemed appropriate as not all domains or users will use all of
them.
But since the most common use cases would include both read and write, I
defined short-hand scopes that included both permissions.
If that doesn't answer your question, then I'm not sure what you're
looking for.
On Sun, Apr 2, 2023 at 9:37 PM Clinton Bunch <cdb_i...@zentaur.org> wrote:
On 4/2/2023 2:26 PM, Warren Parad wrote:
Sorry, I'm asking why these scopes at all? I personally have
never seen any of them used ever (and I'm not being hyperbolic),
How did you come up with these suggestions?
The naming seemed logical given the IANA URI namespace. I was
looking for something that would be a common set of scopes for
this application domain that wasn't tied to a single vendor.
The purpose *could* be served by widespread adoption of Google's
scopes such as
https://www.googleapis.com/auth/calendar
but I believe that the reliance on a specific vendor name would
hamper wide-spread adoption, so a namespace defined by a neutral
party such as IETF seemed best.
On Sun, Apr 2, 2023 at 8:46 PM Clinton Bunch
<cdb_i...@zentaur.org> wrote:
On 4/2/2023 1:34 PM, Warren Parad wrote:
I propose a set of nine well-known scopes
Can you elaborate on what you mean by "well-known"? Is there
some canonical list, where these were pulled from?
I was trying to avoid the use of standard, as that implies
they must be used. To encourage adoption, I didn't want to
imply that the large providers would be required to change
their software to accommodate these, though it would be nice
if they did. These scopes are not currently in use as far as
I know.
The sense of well-known is that once this was published they
would be well-known scopes that could be implemented with
well-defined semantics.
- Warren
On Sun, Apr 2, 2023 at 8:12 PM Clinton Bunch
<cdb_i...@zentaur.org> wrote:
This seemed the most appropriate working group to post
this suggestion.
I would like to see a new Internet-Draft/RFC to add some
well-known
scopes to the IANA registry to promote adoption of Oauth
in Groupware
domains. I will try to write it myself, but have no
experience with
I-Ds or as a technical writer and could use some help.
Since the publication of RFC 7628 there is a push to
migrate groupware
servers to use Oauth2. This is hampered by the fact
that there are
several different server implementations and client
implementations are
often written by different organizations with little
overlap. One of
the barriers to widespread adoption is that each
authorization server
has a different set of scopes to cover the necessary user
authorizations. One groupware client I know has only a
few Auth Servers
available that are hardcoded and nearly every one has a
different set of
scopes. Servers have to have appropriate scopes
configured by the
administrator in order for the server to know which
scopes to check. It
also makes it hard for clients to know which scopes to
request without
some sort of configuration file provided by the domain
or worse, having
the user enter the appropriate scopes by hand. The
latter especially
seems like a support headache for the admin of the
groupware servers.
I propose a set of nine well-known scopes be added to
the Oauth URI IANA
registry to address this.
urn:ietf:params:oauth:scope:mail:read -
Authorization to read
email (IMAP,POP)
urn:ietf:params:oauth:scope:mail:send -
Authorization to send
mail on the user's behalf (SMTP)
urn:ietf:params:oauth:scope:mail -
Combination of the
previous two scopes
urn:ietf:params:oauth:scope:calendar:read -
Authorization to read
calendar entries
urn:ietf:params:oauth:scope:calendar:update -
Authorization to
update/create/delete calendar entries
urn:ietf:params:oauth:scope:calendar -
Combination of the
previous two scopes
urn:ietf:params:oauth:scope:contacts:read -
Authorization to read
contacts information
urn:ietf:params:oauth:scope:contacts:update -
Authorization to
update/create/delete contact information.
urn:ietf:params:oauth:scope:contacts -
Combination of the
previous two scopes
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth