[OSLC-CM] How many tools support (or plan to) OAuth?

Dragos Cojocari dcojoca at us.ibm.com
Tue Nov 24 02:17:49 EST 2009


Hey all, 

authentication is discussed on this page: 
http://open-services.net/bin/view/Main/ReportingRESTApi

As hinted at the bottom of the page, it is unlikely that a reporting tool 
will use OAuth. In our experience with tools based on JFS the reporting 
tool is an OAuth Client and it always communicates with a Fronting Service 
which is the OAuth consumer. The Fronting Service communicates with JFS 
which is the OAuth Provider. The OAuth protocol covers the communication 
between the Consumer and Provider but does not define the protocol between 
the OAuth Client and the OAuth Consumer. I assume this is caused by the 
fact that the client is assumed to be a human operator in most cases.

Actors
RRC/Cool School - OAuth Consumer
Jazz Foundation Server - OAuth Provider
RPE/Insight/User - Client



Regards,
        Dragos




Tack Tong/Toronto/IBM at IBMCA
11/23/2009 08:59 PM

To: Steve K Speicher <sspeiche at us.ibm.com>
cc: oslc-cm at open-services.net, oslc-cm-bounces at open-services.net, Dragos Cojocari/San Jose/Contr/IBM at IBMUS
Subject: Re: [OSLC-CM] How many tools support (or plan to) OAuth?

Steve,

Insight and RPE, as data consumers, support OAuth, basic, and form.

There were some issues re:OAuth in the area of protocol between OAuth User 
and OAuth Consumer. Dragos would have the details.

Tack Tong
IBM Rational software
tacktong at ca.ibm.com
905-413-3232
tie line 313-3232




Steve K Speicher <sspeiche at us.ibm.com>
Sent by: oslc-cm-bounces at open-services.net
11/20/2009 12:14 PM

To: oslc-cm at open-services.net
cc:
Subject: [OSLC-CM] How many tools support (or plan to) OAuth?

In our next meeting, I wanted to bring up this topic but just couldn't 
wait. 

For ALM tool interoperability, a good authentication story is needed.  In 
CM 1.0, we sort of "punted" on the issue and made some general statements 
about what SHOULD be supported: HTTP Basic auth, OAuth and SSL.  We never 
made it a MUST hard mandatory requirement. 

I'd like to get some more information about where participants are with 
respect to OAuth.  If you don't know much about OAuth, there are some good 
introductory resources at http://oauth.net 

So the kind of feedback I'm looking for is: 
What solutions are used today for cross-system authentication? 
What are the current issues with today's solutions? 
Do any of your tools support OAuth today? If not, any plans? If no plans, 
reasons for not adopting? 

Feel free to respond or we can talk on Wednesday. 


So I'll respond to my own questions for Rational: 

Team Concert: 
        Currently supports OAuth 

ClearQuest / Change: 
        Currently support HTTP basic auth.  Investigating OAuth support, 
might be available in an upcoming release.  Integrating service providers 
must flow credentials through their servers, requiring careful handling. 

Thanks,
Steve Speicher | IBM Rational Software | (919) 254-0645