RE: Oauth blog post
"Worley, Dale R (Dale)" <dworley@avaya.com> Mon, 30 July 2012 04:11 UTC
> From: Yaron Sheffer [yaronf.ietf@gmail.com]
>
> [...] but what I'm reading is three concrete statements that IETF
> members can respond to, and (if we accept them as true) consider how
> to address in the future:
>
> - A Web-focused protocol was forced to adopt enterprise use cases.
> [...]

My first impulse is to say, yes, protocols that solve "enterprise" problems are a lot more difficult than ones that solve individual-user problems. One that showed up in my field (SIP) was the concept of "securely" identifying the party you have called. If I normally call John Smith at my bank to do business, and if John Smith is replaced at his job by another person, and I call "John Smith at the bank", should I authenticate that I am talking to John Smith, or should I authenticate that I am talking to the person who holds the job at the bank that John Smith used to have?

> Tim Bray writes in an essay:
>
> Enterpriseyness · One of Eran’s central gripes is the immense
> difficulty of knitting "Enterprise" requirements into OAuth — or any
> other standards work, for that matter. He’s right. The Web use cases
> may not be easy to solve, but they’re easy to understand. [...]
>
> On the other hand, whenever I get into a conversation with someone on
> the Enterprise side, even when I think I understand the problem
> domain, I lose the plot, and fast. The requirements these people claim
> to have around both authentication and authorization are so arcane and
> subtle and legacy-laden that you have to be a full-time professional
> to even understand them.

Which reminds me that large organizations have the problem that every new activity is necessarily a small change on a monstrous base of current systems, and has to work harmoniously with them. As someone once observed:

> The reason God could create the Universe in six days is that He didn't
> have to make it upward compatible.

Dale