Return-Path: X-Original-To: kitten@ietfa.amsl.com Delivered-To: kitten@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8300B1A04B7 for ; Tue, 18 Feb 2014 21:07:25 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.926 X-Spam-Level: X-Spam-Status: No, score=-1.926 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.548, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q78KGXNLKmtL for ; Tue, 18 Feb 2014 21:07:22 -0800 (PST) Received: from mail-qc0-x22b.google.com (mail-qc0-x22b.google.com [IPv6:2607:f8b0:400d:c01::22b]) by ietfa.amsl.com (Postfix) with ESMTP id 75FDA1A0557 for ; Tue, 18 Feb 2014 21:07:22 -0800 (PST) Received: by mail-qc0-f171.google.com with SMTP id x3so2035773qcv.30 for ; Tue, 18 Feb 2014 21:07:19 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlers.com; s=googlers; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=5kukI50XRysMz5MzhIa+C5cOxz8fRssuiD3PBQEdeG8=; b=J973c6rvQIexLg89YHRYLduyS/lnfaU0H1mfAq1w/ICTRiIsqVYPkod3ygrBEZX/zw JNHr1q8FrSwlQkW22KydQFxqtESYX30iiEK89R0MkFZIYLixpNlZMw85AwqtaqP7AI0h cO9qTIiGRLo6sckoxO5tSPgy8dyb/7ShAmh64= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=5kukI50XRysMz5MzhIa+C5cOxz8fRssuiD3PBQEdeG8=; b=Gi8mgQeNFnKnIROeEKrnyG9F8I36OuOqWLSHPuGW14Ekf3TxqXVNxjD6/W59dgMSt6 lU7oM2vNzId6HOj/ULtImCd1tgUwkhaQAOkRl7QkS0npllsHSpG+xL6DLkQoQx1CRfRc pKHZuMVGJDcEG6UoXIrpr5l8qKGhtU1BI5kEni4leIeu+kFB5iTWY8OlMT7M6qQeW8AH Ct9hbzAVRIcGOsEn2LZGWC5ZAbE2rtHz8W6q0IxtM5VQPkp8Eimomec1NcnI1hmXPr3j Fi/ekO+fraETyznzvR6gqvwmWmxiHSzj4t6M7oVKPamJp4TZbag5w4Kpg/aU/0+GioGB beyg== X-Gm-Message-State: ALoCoQk/rYCiQqQYcD1gXke2V3cKDQUmlOdnZ5qs4aFSpi9FTz3N2sZcmECp4nPRwwdAnGIDLCGzak5zuC3Oov14JOuw0inqJaqMBHnzFX+SgeiG1SrnDynjxdhGBMEFkLoghuJBQq5AzLCSTjlNt2RUYGf3b7G/LRfrquGewepyg/P2s4/Lz8g5kaFNIJh5OSgF+NgtP/MO MIME-Version: 1.0 X-Received: by 10.140.39.20 with SMTP id u20mr44733qgu.73.1392786439065; Tue, 18 Feb 2014 21:07:19 -0800 (PST) Received: by 10.229.113.131 with HTTP; Tue, 18 Feb 2014 21:07:18 -0800 (PST) In-Reply-To: <1389054308.10730.YahooMailNeo@web125604.mail.ne1.yahoo.com> References: <52AE9A65.1010700@oracle.com> <1389054229.19390.YahooMailNeo@web125601.mail.ne1.yahoo.com> <1389054308.10730.YahooMailNeo@web125604.mail.ne1.yahoo.com> Date: Tue, 18 Feb 2014 21:07:18 -0800 Message-ID: From: Ryan Troll To: Bill Mills Content-Type: multipart/alternative; boundary=001a11c123b6f2fef904f2bb5c47 Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/7CQJSZSzgrM8fl3JveEa5CkANK0 Cc: "kitten@ietf.org" Subject: Re: [kitten] WGLC on draft-ietf-kitten-sasl-oauth-12 X-BeenThere: kitten@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Common Authentication Technologies - Next Generation List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Feb 2014 05:07:25 -0000 --001a11c123b6f2fef904f2bb5c47 Content-Type: text/plain; charset=UTF-8 Version -13 was released, and "user=" is not present. Can this be placed back in prior to approval as an RFC? It's optional, present to encourage implementors to use the same field name for this data (if required by their implementation), and was previously part of the GS2-header which was recently removed. -R On Mon, Jan 6, 2014 at 4:25 PM, Bill Mills wrote: > That said, your extant implementation might argue for leaving the GS2 > header in there... > > > > -bill > > > -------------------------------- > William J. Mills > "Paranoid" Yahoo! > > > > On , Bill Mills wrote: > Now that it's not duplicating the gs2 stuff it makes some sense. It can > be easily added back. > > Any objection to adding the "user" field back in? > > -bill > > > -------------------------------- > William J. Mills > "Paranoid" Yahoo! > > > > On Monday, January 6, 2014 4:10 PM, Ryan Troll > wrote: > > > MAJOR: > > * Removing the GS2-header (which was done in revision -11) also removed > the ability for the client to specify an authorization identity. If the > lack of an authorization identity is acceptable (and I suspect it is not > for some), then the document needs to state these mechanisms do not support > authz-id. > > > > The loss of the authz-id is a problem for us. Last year we discussed the > use case with the list, came to the conclusion that what our use case > needed was access to the authz-id; and agreed that we'd pull it from the > GS2-header. > > Now that the GS2-header is gone, it would be beneficial to provide a > standard, but optional, way for clients to provide the authz-id to the > service. This would ensure compatibility across services which require the > authz-id; while not requiring it for *all* SASL-OAuth clients. > > The original proposal had been to define a reserved keyword ("user") which > could be part of the initial client response. Should this be re-added? > > -R > > > _______________________________________________ > Kitten mailing list > Kitten@ietf.org > https://www.ietf.org/mailman/listinfo/kitten > > > > > --001a11c123b6f2fef904f2bb5c47 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Version -13 was released, and "user=3D" is not p= resent.

Can this be placed back in prior to approval as = an RFC? =C2=A0It's optional, present to encourage implementors to use t= he same field name for this data (if required by their implementation), and= was previously part of the GS2-header which was recently removed.

-R




On Mon, Jan 6, 2014 = at 4:25 PM, Bill Mills <wmills@yahoo-inc.com> wrote:
That said, your extant i= mplementation might argue for leaving the GS2 header in there...


=C2=A0
-bill


--------------------------= ------
William J. Mills
"Paranoid" Yahoo!



On , Bill Mills <wmills@yahoo-inc.com> wrote:
Now that it's not duplic= ating the gs2 stuff it makes some sense.=C2=A0 It can be easily added back.=

Any objection to adding the "= user" field back in?
=C2=A0
-bill


= --------------------------------
William J. Mills
"Paranoid" Yahoo!


On Monday, January 6, 2014 4:10 PM, Ryan Troll <rtroll@googlers.com> wrote= :

MAJOR:

* Removing the GS2-header (which was done in revision -11) also removed the= ability for the client to specify an authorization identity. =C2=A0If the = lack of an authorization identity is acceptable (and I suspect it is not fo= r some), then the document needs to state these mechanisms do not support a= uthz-id.


The loss o= f the authz-id is a problem for us. =C2=A0Last year we discussed the use ca= se with the list, came to the conclusion that what our use case needed was = access to the authz-id; and agreed that we'd pull it from the GS2-heade= r.

Now that the GS2-header is gone, it woul= d be beneficial to provide a standard, but optional, way for clients to pro= vide the authz-id to the service. =C2=A0This would ensure compatibility acr= oss services which require the authz-id; while not requiring it for *all* S= ASL-OAuth clients.

The original proposal had been to define= a reserved keyword ("user") which could be part of the initial c= lient response. =C2=A0Should this be re-added?

-R
=C2=A0

_______________= ________________________________
Kitten mailing list
Kitten@ietf.org
https://www.ietf.org/mailman/listinfo/kitte= n


<= /div>



--001a11c123b6f2fef904f2bb5c47--