On 4/2/2023 2:49 PM, Warren Parad wrote:
But why these scopes?
Separate read and write scopes for the three pieces of a groupware service seemed appropriate. And separating the three pieces of groupware seemed appropriate as not all domains or users will use all of them.
But since the most common use cases would include both read and write, I defined short-hand scopes that included both permissions.
If that doesn't answer your question, then I'm not sure what you're looking for.
On Sun, Apr 2, 2023 at 9:37 PM Clinton Bunch <cdb_i...@zentaur.org> wrote: On 4/2/2023 2:26 PM, Warren Parad wrote:Sorry, I'm asking why these scopes at all? I personally have never seen any of them used ever (and I'm not being hyperbolic), How did you come up with these suggestions?The naming seemed logical given the IANA URI namespace. I was looking for something that would be a common set of scopes for this application domain that wasn't tied to a single vendor. The purpose *could* be served by widespread adoption of Google's scopes such as https://www.googleapis.com/auth/calendar but I believe that the reliance on a specific vendor name would hamper wide-spread adoption, so a namespace defined by a neutral party such as IETF seemed best.On Sun, Apr 2, 2023 at 8:46 PM Clinton Bunch <cdb_i...@zentaur.org> wrote: On 4/2/2023 1:34 PM, Warren Parad wrote:I propose a set of nine well-known scopes Can you elaborate on what you mean by "well-known"? Is there some canonical list, where these were pulled from?I was trying to avoid the use of standard, as that implies they must be used. To encourage adoption, I didn't want to imply that the large providers would be required to change their software to accommodate these, though it would be nice if they did. These scopes are not currently in use as far as I know. The sense of well-known is that once this was published they would be well-known scopes that could be implemented with well-defined semantics.- Warren On Sun, Apr 2, 2023 at 8:12 PM Clinton Bunch <cdb_i...@zentaur.org> wrote: This seemed the most appropriate working group to post this suggestion. I would like to see a new Internet-Draft/RFC to add some well-known scopes to the IANA registry to promote adoption of Oauth in Groupware domains. I will try to write it myself, but have no experience with I-Ds or as a technical writer and could use some help. Since the publication of RFC 7628 there is a push to migrate groupware servers to use Oauth2. This is hampered by the fact that there are several different server implementations and client implementations are often written by different organizations with little overlap. One of the barriers to widespread adoption is that each authorization server has a different set of scopes to cover the necessary user authorizations. One groupware client I know has only a few Auth Servers available that are hardcoded and nearly every one has a different set of scopes. Servers have to have appropriate scopes configured by the administrator in order for the server to know which scopes to check. It also makes it hard for clients to know which scopes to request without some sort of configuration file provided by the domain or worse, having the user enter the appropriate scopes by hand. The latter especially seems like a support headache for the admin of the groupware servers. I propose a set of nine well-known scopes be added to the Oauth URI IANA registry to address this. urn:ietf:params:oauth:scope:mail:read - Authorization to read email (IMAP,POP) urn:ietf:params:oauth:scope:mail:send - Authorization to send mail on the user's behalf (SMTP) urn:ietf:params:oauth:scope:mail - Combination of the previous two scopes urn:ietf:params:oauth:scope:calendar:read - Authorization to read calendar entries urn:ietf:params:oauth:scope:calendar:update - Authorization to update/create/delete calendar entries urn:ietf:params:oauth:scope:calendar - Combination of the previous two scopes urn:ietf:params:oauth:scope:contacts:read - Authorization to read contacts information urn:ietf:params:oauth:scope:contacts:update - Authorization to update/create/delete contact information. urn:ietf:params:oauth:scope:contacts - Combination of the previous two scopes _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
