attachment
<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Hi Piotr,<div class=""><br class=""></div><div class="">I filed two errata against 5100.22: one to have Get-System-Attributes authentication semantics clarified, and another to have "oauth-authorization-server-uri" and "oauth-authorization-scope" attributes added as System Description attributes. The expectation is that a System object MUST NOT challenge a Client for authentication. Given that, if a System object supported OAuth, it ought to provide the "oauth-authorization-server-uri" and "oauth-authorization-scope" attributes as System Description attributes.</div><div class=""><br class=""><div class="">
Smith<br class=""><br class="">/**<br class=""> Smith Kennedy<br class=""> HP Inc.<br class="">*/
</div>
<div><br class=""><blockquote type="cite" class=""><div class="">On Oct 7, 2020, at 2:56 PM, Piotr Pawliczek <<a href="mailto:pawliczek@chromium.org" class="">pawliczek@chromium.org</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html; charset=utf-8" class=""><div dir="ltr" class="">Hi Smith,<div class=""><br class=""></div><div class="">Yes! Thank you very much. This is the problem I run into.</div><div class="">I just forgot to check Get-System-Attributes, so I didn't mention it.</div><div class=""><br class=""></div><div class="">Piotr</div><div class=""><br class=""></div></div><br class=""><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Oct 7, 2020 at 1:51 PM Kennedy, Smith (Wireless & IPP Standards) <<a href="mailto:smith.kennedy@hp.com" class="">smith.kennedy@hp.com</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="overflow-wrap: break-word;" class="">Hi there,<div class=""><br class=""></div><div class="">In "IPP Authentication Methods v1.0" on page 19 (<a href="https://ftp.pwg.org/pub/pwg/informational/bp-ippauth10-20190816-5199.10.pdf#page=19" target="_blank" class="">https://ftp.pwg.org/pub/pwg/informational/bp-ippauth10-20190816-5199.10.pdf#page=19</a>), edge 13 says 'Check for "oauth-authorization-server-uri" and "oauth-authorization-scope" Printer Description attributes'. If the IPP System supported OAuth, then presumably a Client could do a Get-System-Attributes operation to get these same two attributes. </div><div class=""><br class=""></div><div class="">But if the System is allowed to respond with an authentication challenge (similar to Get-User-Printer-Attributes but not similar to Get-Printer-Attributes) then we have a problem because those two OAuth attributes can't be acquired by the Client. I cannot tell from the definition of "Get-System-Attributes" in IPP System v1.0 (<a href="http://ftp.pwg.org/pub/pwg/candidates/cs-ippsystem10-20191122-5100.22.pdf#page=70" target="_blank" class="">http://ftp.pwg.org/pub/pwg/candidates/cs-ippsystem10-20191122-5100.22.pdf#page=70</a>) whether a System object is allowed to challenge a Client for authentication in response to a Get-System-Attributes operation request.</div><div class=""><br class=""></div><div class="">Piotr, did I capture your "chicken-and-egg" concerns here?<br class=""><div class=""><br class=""><div class="">
Smith<br class=""><br class="">/**<br class=""> Smith Kennedy<br class=""> HP Inc.<br class="">*/
</div>
<div class=""><br class=""><blockquote type="cite" class=""><div class="">On Oct 7, 2020, at 2:16 PM, Michael Sweet via ipp <<a href="mailto:ipp@pwg.org" target="_blank" class="">ipp@pwg.org</a>> wrote:</div><br class=""><div class="">
<div class="">Piotr,<br class="">
<br class="">
> On Oct 7, 2020, at 4:08 PM, Piotr Pawliczek via ipp <<a href="mailto:ipp@pwg.org" target="_blank" class="">ipp@pwg.org</a>> wrote:<br class="">
> <br class="">
> Hi,<br class="">
> <br class="">
> I am trying to figure out how to implement oauth authentication for the IPP System (e.g.: needed to send the Get-Printers request). I cannot find any references to oauth authorization in the document "IPP System Service v1.0 (SYSTEM)". Is there any plan to describe oauth authentication on the level of IPP System?<br class="">
<br class="">
OAuth happens at the HTTP level, so the IPP Authentication Methods v1.0 document applies to all IPP services, not just printing.<br class="">
<br class="">
________________________<br class="">
Michael Sweet<br class="">
<br class="">
<br class="">
<br class="">
_______________________________________________<br class="">
ipp mailing list<br class="">
<a href="mailto:ipp@pwg.org" target="_blank" class="">ipp@pwg.org</a><br class="">
<a href="https://www.pwg.org/mailman/listinfo/ipp" target="_blank" class="">https://www.pwg.org/mailman/listinfo/ipp</a><br class="">
</div>
</div></blockquote></div><br class=""></div></div></div>
</blockquote></div>
</div></blockquote></div><br class=""></div></body></html>