From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Tomas Hlavaty <tom@logand.com>
Newsgroups: gmane.emacs.devel
Subject: Re: gmail+imap+smtp (oauth2)
Date: Thu, 12 May 2022 09:10:31 +0200
Message-ID: <87pmkj9qfs.fsf@logand.com>
References: <871qxbdulc.fsf@mat.ucm.es>
 <ed5b8ef5-439f-d0c4-0854-0198b90d9ea5@secure.kjonigsen.net>
 <87k0b2tkg1.fsf@mat.ucm.es> <87zgjx4qhs.fsf@gmail.com>
 <87bkwcgmr3.fsf@mat.ucm.es> <m2pmkst729.fsf@fastmail.fm>
 <87levfzqj2.fsf@yale.edu> <871qx7scvi.fsf@gmail.com>
 <87v8ujqec5.fsf@logand.com> <87ee172fjz.fsf@gmail.com>
 <87a6bur4z7.fsf@logand.com> <871qx6e96v.fsf@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="33043"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: "Jorge A. Alfaro-Murillo" <jorge@democraciareal.org>, emacs-devel@gnu.org
To: Tim Cross <theophilusx@gmail.com>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Thu May 12 09:13:03 2022
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1np30R-0008TO-2q
	for ged-emacs-devel@m.gmane-mx.org; Thu, 12 May 2022 09:13:03 +0200
Original-Received: from localhost ([::1]:36990 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1np30P-0006gi-Po
	for ged-emacs-devel@m.gmane-mx.org; Thu, 12 May 2022 03:13:01 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:41154)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <tom@logand.com>) id 1np2y4-00050D-OU
 for emacs-devel@gnu.org; Thu, 12 May 2022 03:10:37 -0400
Original-Received: from logand.com ([37.48.87.44]:48660)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <tom@logand.com>) id 1np2y3-0002FG-5w
 for emacs-devel@gnu.org; Thu, 12 May 2022 03:10:36 -0400
Original-Received: by logand.com (Postfix, from userid 1001)
 id 738FB1A0010; Thu, 12 May 2022 09:10:33 +0200 (CEST)
X-Mailer: emacs 27.2 (via feedmail 11-beta-1 I)
In-Reply-To: <871qx6e96v.fsf@gmail.com>
Received-SPF: pass client-ip=37.48.87.44; envelope-from=tom@logand.com;
 helo=logand.com
X-Spam_score_int: -18
X-Spam_score: -1.9
X-Spam_bar: -
X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Original-Sender: "Emacs-devel"
 <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.devel:289665
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/289665>

On Sat 07 May 2022 at 04:55, Tim Cross <theophilusx@gmail.com> wrote:
> No, the University has considerable say. Typically, it has control over

how does one obtain the client_id?
from the university?

> Putting aside that applicaiton ID and client ID are not the same thing,
> not the bit

they seem to be instances of the same concept, whitelist items
one whitelist item for the university controlled whitelist
one whitelist item for google controlled whitelist

> I disagree. The spec is open and anyone can implmeent it in any
> language

that is true but not very useful due to the whitelists

>> one of the features seems to be that there is a (usually extra) party with special role
>> having absolute authority about who to let through the gate
>
> How is that any different to any other service (including SMTP).

traditionally, there used to be two actors involved in client-server
protocols like smtp and there were no whitelists

oauth2 involves more actors and whitelist(s)

> Even if you had a fully open source oauth2 implementaiton, there will
> still be a party (resource owner) who controls access and
> approves/rejects requests for access.

so far people could use whatever smtp client they chose
without having to whitelist it
(it was even possible to manually enter commands)

with oauth2, people cannot use whatever smtp client they choose;
that's why this thread exists