[IPP] Oauth for IPP System Service

[IPP] Oauth for IPP System Service

Kennedy, Smith (Wireless & IPP Standards) smith.kennedy at hp.com
Wed Oct 7 21:08:52 UTC 2020 

Errata filed: https://www.pwg.org/dynamo/issues.php?U0+P-1+S-2+I0+E0+Z68+Q <https://www.pwg.org/dynamo/issues.php?U0+P-1+S-2+I0+E0+Z68+Q>

Smith



> On Oct 7, 2020, at 3:03 PM, Michael Sweet <msweet at msweet.org> wrote:
> 
> Smith/All,
> 
> I think given the precedent of Get-Printer-Attributes, we should consider that Get-System-Attributes has a similar limitation (no authentication) in order to allow Clients to discover a system service. And we can log an issue against the system service spec to track a future errata update that clarifies all of this... :/
> 
> 
> > On Oct 7, 2020, at 4:51 PM, Kennedy, Smith (Wireless & IPP Standards) <smith.kennedy at hp.com> wrote:
> >
> > Hi there,
> >
> > In "IPP Authentication Methods v1.0" on page 19 (https://ftp.pwg.org/pub/pwg/informational/bp-ippauth10-20190816-5199.10.pdf#page=19 <https://ftp.pwg.org/pub/pwg/informational/bp-ippauth10-20190816-5199.10.pdf#page=19>), edge 13 says 'Check for "oauth-authorization-server-uri" and "oauth-authorization-scope" Printer Description attributes'. If the IPP System supported OAuth, then presumably a Client could do a Get-System-Attributes operation to get these same two attributes.
> >
> > But if the System is allowed to respond with an authentication challenge (similar to Get-User-Printer-Attributes but not similar to Get-Printer-Attributes) then we have a problem because those two OAuth attributes can't be acquired by the Client. I cannot tell from the definition of "Get-System-Attributes" in IPP System v1.0 (http://ftp.pwg.org/pub/pwg/candidates/cs-ippsystem10-20191122-5100.22.pdf#page=70 <http://ftp.pwg.org/pub/pwg/candidates/cs-ippsystem10-20191122-5100.22.pdf#page=70>) whether a System object is allowed to challenge a Client for authentication in response to a Get-System-Attributes operation request.
> >
> > Piotr, did I capture your "chicken-and-egg" concerns here?
> >
> > Smith
> >
> > /**
> > Smith Kennedy
> > HP Inc.
> > */
> >
> >> On Oct 7, 2020, at 2:16 PM, Michael Sweet via ipp <ipp at pwg.org> wrote:
> >>
> >> Piotr,
> >>
> >> > On Oct 7, 2020, at 4:08 PM, Piotr Pawliczek via ipp <ipp at pwg.org> wrote:
> >> >
> >> > Hi,
> >> >
> >> > I am trying to figure out how to implement oauth authentication for the IPP System (e.g.: needed to send the Get-Printers request). I cannot find any references to oauth authorization in the document "IPP System Service v1.0 (SYSTEM)". Is there any plan to describe oauth authentication on the level of IPP System?
> >>
> >> OAuth happens at the HTTP level, so the IPP Authentication Methods v1.0 document applies to all IPP services, not just printing.
> >>
> >> ________________________
> >> Michael Sweet
> >>
> >>
> >>
> >> _______________________________________________
> >> ipp mailing list
> >> ipp at pwg.org
> >> https://www.pwg.org/mailman/listinfo/ipp <https://www.pwg.org/mailman/listinfo/ipp>
> >
> 
> ________________________
> Michael Sweet
> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ipp/attachments/20201007/202103ce/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://www.pwg.org/pipermail/ipp/attachments/20201007/202103ce/attachment.sig>

More information about the ipp mailing list