[IPP] Oauth for IPP System Service

Piotr Pawliczek pawliczek at chromium.org
Fri Oct 9 16:48:37 UTC 2020


Hi Smith,

Thank you very much for your help!
BTW, have you considered using an HTTP response header (see
https://tools.ietf.org/html/rfc6750#section-3) to communicate "server-uri"
and "scope" to the client?
In this case, we would not have to expose Get-System-Attributes
and Get-Printer-Attributes to everyone.

Best regards,
Piotr

On Wed, Oct 7, 2020 at 2:14 PM Kennedy, Smith (Wireless & IPP Standards) <
smith.kennedy at hp.com> wrote:

> Hi Piotr,
>
> I filed two errata against 5100.22: one to have Get-System-Attributes
> authentication semantics clarified, and another to have
> "oauth-authorization-server-uri" and "oauth-authorization-scope" attributes
> added as System Description attributes. The expectation is that a System
> object MUST NOT challenge a Client for authentication. Given that, if a
> System object supported OAuth, it ought to provide the
> "oauth-authorization-server-uri" and "oauth-authorization-scope" attributes
> as System Description attributes.
>
> Smith
>
> /**
>     Smith Kennedy
>     HP Inc.
> */
>
> On Oct 7, 2020, at 2:56 PM, Piotr Pawliczek <pawliczek at chromium.org>
> wrote:
>
> Hi Smith,
>
> Yes! Thank you very much. This is the problem I ran into.
> I just forgot to check Get-System-Attributes, so I didn't mention it.
>
> Piotr
>
>
> On Wed, Oct 7, 2020 at 1:51 PM Kennedy, Smith (Wireless & IPP Standards) <
> smith.kennedy at hp.com> wrote:
>
>> Hi there,
>>
>> In "IPP Authentication Methods v1.0" on page 19 (
>> https://ftp.pwg.org/pub/pwg/informational/bp-ippauth10-20190816-5199.10.pdf#page=19),
>> edge 13 says 'Check for "oauth-authorization-server-uri" and
>> "oauth-authorization-scope" Printer Description attributes'. If the IPP
>> System supported OAuth, then presumably a Client could do a
>> Get-System-Attributes operation to get these same two attributes.
>>
>> But if the System is allowed to respond with an authentication challenge
>> (similar to Get-User-Printer-Attributes but not similar to
>> Get-Printer-Attributes) then we have a problem because those two OAuth
>> attributes can't be acquired by the Client. I cannot tell from the
>> definition of "Get-System-Attributes" in IPP System v1.0 (
>> http://ftp.pwg.org/pub/pwg/candidates/cs-ippsystem10-20191122-5100.22.pdf#page=70)
>> whether a System object is allowed to challenge a Client for authentication
>> in response to a Get-System-Attributes operation request.
>>
>> Piotr, did I capture your "chicken-and-egg" concerns here?
>>
>> Smith
>>
>> /**
>>     Smith Kennedy
>>     HP Inc.
>> */
>>
>> On Oct 7, 2020, at 2:16 PM, Michael Sweet via ipp <ipp at pwg.org> wrote:
>>
>> Piotr,
>>
>> > On Oct 7, 2020, at 4:08 PM, Piotr Pawliczek via ipp <ipp at pwg.org>
>> wrote:
>> >
>> > Hi,
>> >
>> > I am trying to figure out how to implement oauth authentication for the
>> IPP System (e.g.: needed to send the Get-Printers request). I cannot find
>> any references to oauth authorization in the document "IPP System Service
>> v1.0 (SYSTEM)". Is there any plan to describe oauth authentication on the
>> level of IPP System?
>>
>> OAuth happens at the HTTP level, so the IPP Authentication Methods v1.0
>> document applies to all IPP services, not just printing.
>>
>> ________________________
>> Michael Sweet
>>
>
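
The RFC 6750 section 3 approach suggested in the top message, as an added example that is not part of the original thread or of any PWG specification: a Client parses the `WWW-Authenticate: Bearer` challenge from a 401 response and accepts the authorization server URI only if it was already configured as trusted. RFC 6750 defines `scope` but no parameter for the authorization server, so `authorization_server_uri` is a hypothetical extension parameter; the function names and sample header are constructed, and one challenge per header value is assumed.

```python
import re
from urllib.parse import urlsplit

_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# auth-param = token "=" ( token / quoted-string ), comma separated
_PARAM = re.compile(
    r"\s*(" + _TOKEN + r')\s*=\s*(?:"((?:[^"\\]|\\.)*)"|(' + _TOKEN + r"))\s*(?:,|$)"
)
AS_URI_PARAM = "authorization_server_uri"  # hypothetical, not defined by RFC 6750


def parse_bearer_challenge(header_value):
    """Return the auth-params of a single Bearer challenge, or None for other schemes."""
    scheme, _, rest = header_value.strip().partition(" ")
    if scheme.lower() != "bearer":
        return None
    rest, params, pos = rest.strip(), {}, 0
    while pos < len(rest):
        m = _PARAM.match(rest, pos)
        if m is None:
            raise ValueError(f"malformed auth-param at offset {pos}")
        name = m.group(1).lower()
        if name in params:  # a repeated realm or scope would be ambiguous
            raise ValueError(f"duplicate auth-param {name!r}")
        quoted, token = m.group(2), m.group(3)
        # Undo backslash escapes inside a quoted-string value.
        params[name] = re.sub(r"\\(.)", r"\1", quoted) if quoted is not None else token
        pos = m.end()
    return params


def oauth_params_from_challenge(header_value, trusted_servers):
    """Return (authorization server URI, [scopes]) from a 401 challenge.

    The URI is supplied by whichever server answered the request, so it is
    accepted only if it is an https URI the Client was configured to trust.
    """
    params = parse_bearer_challenge(header_value)
    if params is None:
        return None
    uri = params.get(AS_URI_PARAM)
    if uri is None:
        raise ValueError("challenge carries no authorization server URI")
    if urlsplit(uri).scheme != "https" or uri not in trusted_servers:
        raise ValueError(f"untrusted authorization server {uri!r}")
    return uri, params.get("scope", "").split()


# Constructed sample header value, as a System might send with a 401 response.
SAMPLE = 'Bearer realm="ipp-system", scope="system print", authorization_server_uri="https://auth.example.com/"'
TRUSTED = {"https://auth.example.com/"}
```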