[IPP] Add "oauth-authorization-resource" attribute?

[IPP] Add "oauth-authorization-resource" attribute?

Kennedy, Smith (Wireless & IPP Standards) smith.kennedy at hp.com
Tue Nov 8 02:46:04 UTC 2022 

That sounds right - I couldn't remember how this played out and it doesn't seem to be covered in the wiki page.

However, I'm worried about that conclusion. If we advise that the Client supplies the "printer-uri" value as the resource identifier, wouldn't this mean that the Authentication Service needs to know the printer's current URI? That could be in the .local domain which isn't really any more useful or verifiable than a printer-uuid value. (Obviously how the printer and Authentication Service talk to one another is outside our scope of concern but that would affect whether the printer could register its URI with the Authentication Service.)

It seems like we could define the attribute but then provide guidance for how best to use it?

Smith



> On Nov 7, 2022, at 10:13 AM, Michael Sweet <msweet at msweet.org> wrote:
> 
> CAUTION: External Email
> 
> From: Michael Sweet <msweet at msweet.org>
> Subject: Re: [IPP] Add "oauth-authorization-resource" attribute?
> Date: November 7, 2022 at 10:13:17 AM MST
> To: "Kennedy, Smith (Wireless & IPP Standards)" <smith.kennedy at hp.com>, PWG IPP Workgroup <ipp at pwg.org>
> 
> 
> Smith,
> 
> I thought we had resolved this a couple IPP concalls ago - basically, "resource" for token exchange is explicitly the URI you are using to talk to the Printer (printer-uri) or System (system-uri) and not a self-advertised and unverifiable value (printer/system-uuid) provided by the Printer/System.
> 
> 
>> On Nov 7, 2022, at 11:17 AM, Kennedy, Smith (Wireless & IPP Standards) via ipp <ipp at pwg.org> wrote:
>> 
>> Hi there,
>> 
>> I had intended to mention earlier, but in the discussion of OAuth 2.0 and IPP, it would be useful to Clients if the Printer indicated the "resource" parameter for the Token Exchange in step 34 of ipp-authentication-6-http-oauth2.pdf. Otherwise one deployment will want the value to be "printer-uuid" while another will want it to be "printer-uri" and universal clients will find it challenging to know what to use in what context.
>> 
>> Thoughts?
>> 
>> Smith
>> 
>> /**
>>    Smith Kennedy
>>    HP Inc.
>> */
>> 
>> _______________________________________________
>> ipp mailing list
>> ipp at pwg.org
>> https://www.pwg.org/mailman/listinfo/ipp
> 
> ________________________
> Michael Sweet
> 
> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ipp/attachments/20221108/a3960c07/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://www.pwg.org/pipermail/ipp/attachments/20221108/a3960c07/attachment.sig>

More information about the ipp mailing list