Re: Oauth blog post

Yaron Sheffer <yaronf.ietf@gmail.com> Sun, 29 July 2012 21:39 UTC

Message-ID: <5015ADA1.9010304@gmail.com>
Date: Mon, 30 Jul 2012 00:39:45 +0300
From: Yaron Sheffer <yaronf.ietf@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120714 Thunderbird/14.0
MIME-Version: 1.0
To: ietf@ietf.org
Subject: Re: Oauth blog post
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit

Trying to step away from the "big vendors vs. users" discussion...

I admit I have not followed events in the oauth WG, but I did read 
Eran's post and his own follow-on comments, plus those of some others 
who were burnt by our processes. Some may want to construe it as "IETF 
bashing", but what I'm reading is three concrete statements that IETF 
members can respond to, and (if we accept them as true) consider how to 
address in the future:

- A Web-focused protocol was forced to adopt enterprise use cases.
- The Security Area did not do a good job of providing the protocol with 
useful review/feedback/support. (The original wording is much harsher).
- The third statement is a cliché as far as SDOs go, but we still need 
to face it: simple protocols coming into the IETF are made complex, 
sometimes too complex, in the process.

Thanks,
     Yaron

PS: some background: OAuth is an important Web security protocol, very 
widely used (Wikipedia link here). The blog post was written by the 
person who has led (or co-led) the protocol for years, and actually 
brought it into the IETF.