[http-auth] Fwd: [apps-discuss] HTTP MAC Authentication Scheme

"KIHARA, Boku" <bkihara.l@gmail.com> Tue, 10 May 2011 06:48 UTC

In-Reply-To: <90C41DD21FB7C64BB94121FBBC2E723447581DA8EA@P3PW5EX1MB01.EX1.SECURESERVER.NET>
References: <90C41DD21FB7C64BB94121FBBC2E723447581DA8EA@P3PW5EX1MB01.EX1.SECURESERVER.NET>
Date: Tue, 10 May 2011 15:48:21 +0900
Message-ID: <BANLkTikTbpAGgvyk8VJbhsmC0UuhyHG_DA@mail.gmail.com>
From: "KIHARA, Boku" <bkihara.l@gmail.com>
To: http-auth@ietf.org
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
Subject: [http-auth] Fwd: [apps-discuss] HTTP MAC Authentication Scheme

Maybe related to http-auth WG.
---------- Forwarded message ----------
From: Eran Hammer-Lahav <eran@hueniverse.com>
Date: 2011/5/10
Subject: [apps-discuss] HTTP MAC Authentication Scheme
To: "apps-discuss@ietf.org" <apps-discuss@ietf.org>
Cc: Ben Adida <ben@adida.net>, "http-state@ietf.org"
<http-state@ietf.org>, OAuth WG <oauth@ietf.org>, "Adam Barth
(adam@adambarth.com)" <adam@adambarth.com>, HTTP Working Group
<ietf-http-wg@w3.org>
(Please discuss this draft on the Apps-Discuss <apps-discuss@ietf.org>
mailing list)
http://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token
The draft includes:
* An HTTP authentication scheme using a MAC algorithm to authenticate
requests (via a pre-arranged MAC key).

* An extension to the Set-Cookie header, providing a method for
associating a MAC key with a session cookie.

* An OAuth 2.0 binding, providing a method of returning MAC
credentials as an access token.
Some background: OAuth 1.0 introduced an HTTP authentication scheme
using HMAC for authenticating an HTTP request with partial
cryptographic protection of the HTTP request (namely, the request URI,
host, and port). The OAuth 1.0 scheme was designed for
delegation-based use cases, but is widely “abused” for simple
client-server authentication (the poorly named ‘two-legged’ use case).
This functionality has been separated from OAuth 2.0 and has been
reintroduced as a standalone, generally applicable HTTP authentication
scheme called MAC.

Comments and feedback are greatly appreciated.

EHL
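The request MAC the forwarded note describes, as an added illustration that is not part of this message or of the draft's text: a client signs the method, request URI, host and port with a pre-arranged key, and a server verifies it with a constant-time comparison, a timestamp window and a nonce replay check. The normalized-string layout, the header field names, the key id and key are constructed assumptions and do not claim to reproduce the draft exactly; note that the body is not covered, which is the "partial protection" the note mentions.

```python
import hashlib
import hmac
import re
from base64 import b64encode

# Constructed sample credential, standing in for a pre-arranged MAC key.
KEY_ID = "h480djs93hd8"
MAC_KEY = b"489dks293j39"

def normalized_request(ts, nonce, method, uri, host, port, ext=""):
    # Assumed layout: one field per line, newline-terminated.
    fields = [str(ts), nonce, method.upper(), uri, host.lower(), str(port), ext]
    return ("\n".join(fields) + "\n").encode()

def compute_mac(key, ts, nonce, method, uri, host, port, ext=""):
    data = normalized_request(ts, nonce, method, uri, host, port, ext)
    return b64encode(hmac.new(key, data, hashlib.sha256).digest()).decode()

def build_header(key_id, key, ts, nonce, method, uri, host, port, ext=""):
    # Client side: Authorization header value carrying id, ts, nonce and mac.
    mac = compute_mac(key, ts, nonce, method, uri, host, port, ext)
    return f'MAC id="{key_id}", ts="{ts}", nonce="{nonce}", ext="{ext}", mac="{mac}"'

def parse_header(value):
    if not value.startswith("MAC "):
        return None
    return dict(re.findall(r'(\w+)="([^"]*)"', value[4:]))

class Verifier:
    # Server side: keys maps key id -> MAC key; window is the allowed clock skew.
    def __init__(self, keys, window=300):
        self.keys, self.window, self.seen = keys, window, set()

    def verify(self, header, method, uri, host, port, now):
        p = parse_header(header)
        if p is None or not all(k in p for k in ("id", "ts", "nonce", "mac")):
            return False
        key = self.keys.get(p["id"])
        if key is None or not p["ts"].isdigit():
            return False
        ts = int(p["ts"])
        if abs(now - ts) > self.window:          # stale or future-dated request
            return False
        if (p["id"], ts, p["nonce"]) in self.seen:  # replay of an accepted request
            return False
        expected = compute_mac(key, ts, p["nonce"], method, uri, host, port, p.get("ext", ""))
        if not hmac.compare_digest(expected, p["mac"]):  # constant-time compare
            return False
        self.seen.add((p["id"], ts, p["nonce"]))
        return True
```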