Re: [OAUTH-WG] Device profile draft

2010-08-27 Thread David Recordon
While it's been a few weeks, I've made these changes and posted the Device profile as an Internet Draft: http://tools.ietf.org/html/draft-recordon-oauth-v2-device-00. We're working on an implementation at Facebook and hope to provide feedback toward the next draft. In the meantime I'd like to

[OAUTH-WG] Device profile draft

2010-07-15 Thread David Recordon
I've broken the device profile out of draft 06 so that it now lives in a separate document as an extension and have updated it to fit into the draft 10 structure. It defines a new device endpoint for the initial setup request where the client gets the two codes and URL. It then uses the existing

Re: [OAUTH-WG] Device profile draft

2010-07-15 Thread George Fletcher
Looks good. Are there any restrictions on the device_code such that it has to be under a certain size? Seems like it would be good to protect against random polling attacks (I presume this is what the Google research refers to). If there are no size restrictions then the device_code could be

Re: [OAUTH-WG] Device profile draft

2010-07-15 Thread David Recordon
On Thu, Jul 15, 2010 at 1:05 PM, George Fletcher gffle...@aol.com wrote: Looks good. Are there any restrictions on the device_code such that it has to be under a certain size? Seems like it would be good to protect against random polling attacks (I presume this is what the Google research

Re: [OAUTH-WG] Device profile draft

2010-07-15 Thread Zeltsan, Zachary (Zachary)
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of David Recordon Sent: Thursday, July 15, 2010 3:47 PM To: OAuth WG Cc: Jim Brusstar Subject: [OAUTH-WG] Device profile draft I've broken the device profile out of draft 06 so that it now lives in a separate document

Re: [OAUTH-WG] Device profile draft

2010-07-15 Thread David Recordon
this should to a must. Zachary -- *From:* oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] *On Behalf Of *David Recordon *Sent:* Thursday, July 15, 2010 3:47 PM *To:* OAuth WG *Cc:* Jim Brusstar *Subject:* [OAUTH-WG] Device profile draft I've broken

Re: [OAUTH-WG] Device profile draft

2010-07-15 Thread Michael D Adams
On Thu, Jul 15, 2010 at 2:11 PM, David Recordon record...@gmail.com wrote: On Thu, Jul 15, 2010 at 1:36 PM, Zeltsan, Zachary (Zachary) “The client makes the following request at an arbitrary but reasonable interval which MUST NOT exceed the minimum interval rate provided by   the authorization

Re: [OAUTH-WG] Device profile draft

2010-07-15 Thread David Recordon
Even better, thanks! On Thu, Jul 15, 2010 at 2:31 PM, Michael D Adams m...@automattic.comwrote: On Thu, Jul 15, 2010 at 2:11 PM, David Recordon record...@gmail.com wrote: On Thu, Jul 15, 2010 at 1:36 PM, Zeltsan, Zachary (Zachary) “The client makes the following request at an arbitrary but