[OSLC-CM] How many tools support (or plan to) OAuth?
Dragos Cojocari
dcojoca at us.ibm.com
Tue Nov 24 02:17:49 EST 2009
Hey all,
authentication is discussed on this page:
http://open-services.net/bin/view/Main/ReportingRESTApi
As hinted at the bottom of the page, it is unlikely that a reporting tool
will use OAuth. In our experience with tools based on JFS the reporting
tool is an OAuth Client and it always communicates with a Fronting Service
which is the OAuth consumer. The Fronting Service communicates with JFS
which is the OAuth Provider. The OAuth protocol covers the communication
between the Consumer and Provider but does not define the protocol between
the OAuth Client and the OAuth Consumer. I assume this is caused by the
fact that the client is assumed to be a human operator in most cases.
Actors
RRC/Cool School - OAuth Consumer
Jazz Foundation Server - OAuth Provider
RPE/Insight/User - Client
Regards,
Dragos
Tack Tong/Toronto/IBM at IBMCA
11/23/2009 08:59 PM
To
Steve K Speicher <sspeiche at us.ibm.com>
cc
oslc-cm at open-services.net, oslc-cm-bounces at open-services.net, Dragos
Cojocari/San Jose/Contr/IBM at IBMUS
Subject
Re: [OSLC-CM] How many tools support (or plan to) OAuth?
Steve,
Insight and RPE, as data consumers, support OAuth, basic, and form.
There were some issues re:OAuth in the area of protocol between OAuth User
and OAuth Consumer. Dragos would have the details.
Tack Tong
IBM Rational software
tacktong at ca.ibm.com
905-413-3232
tie line 313-3232
Steve K Speicher <sspeiche at us.ibm.com>
Sent by: oslc-cm-bounces at open-services.net
11/20/2009 12:14 PM
To
oslc-cm at open-services.net
cc
Subject
[OSLC-CM] How many tools support (or plan to) OAuth?
In our next meeting, I wanted to bring up this topic but just couldn't
wait.
For ALM tool interoperability, a good authentication story is needed. In
CM 1.0, we sort of "punted" on the issue and made some general statements
about what SHOULD be supported: HTTP Basic auth, OAuth and SSL. We never
made it a MUST hard mandatory requirement.
I'd like get some more information about where participants are with
respect to OAuth. If you don't know much about OAuth, there are some good
introductory resources at http://oauth.net
So the kind of feedback I'm looking for is:
What solutions are used today for cross-system authentication?
What are the current issues with today's solutions?
Do any of your tools support OAuth today? If not, any plans. If no plans,
reasons for not adopting?
Feel free to respond or we can talk on Wednesday.
So I'll respond to my own questions for Rational:
Team Concert:
Currently supports OAuth
ClearQuest / Change:
Currently support HTTP basic auth. Investigating OAuth support,
might be available in an upcoming release. Integrating service providers
must flow credentials through their servers, requiring careful handling.
Thanks,
Steve Speicher | IBM Rational Software | (919) 254-0645
_______________________________________________
OSLC-CM mailing list
OSLC-CM at open-services.net
http://open-services.net/mailman/listinfo/oslc-cm_open-services.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://open-services.net/pipermail/oslc-cm_open-services.net/attachments/20091124/54b5c210/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 10800 bytes
Desc: not available
URL: <http://open-services.net/pipermail/oslc-cm_open-services.net/attachments/20091124/54b5c210/attachment.gif>
More information about the Oslc-Cm
mailing list