Re: [kitten] Pending draft 15 Re: sasl-oauth "user" as a kvpair or in the gs2 header?

Matt Miller <mamille2@cisco.com> Mon, 17 March 2014 20:32 UTC

Message-ID: <53275BC1.50808@cisco.com>
Date: Mon, 17 Mar 2014 14:32:01 -0600
From: Matt Miller <mamille2@cisco.com>
To: Nico Williams <nico@cryptonector.com>, Bill Mills <wmills_92105@yahoo.com>
In-Reply-To: <CAK3OfOhr0ksktckcBK5UG7OYb4-Z=QP6DXCcyArk6A3qVWK3gA@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/ACwHvPvZAQlOXzc15Ad4OCowzGU
Cc: "kitten@ietf.org" <kitten@ietf.org>, Bill Mills <wmills@yahoo-inc.com>, Sam Hartman <hartmans-ietf@mit.edu>

On 3/17/14, 2:13 PM, Nico Williams wrote:
> On Fri, Mar 14, 2014 at 4:52 PM, Bill Mills
> <wmills_92105@yahoo.com> wrote:
>> Quoting here, in the hope that it piques someone's interest.  New
>> proposed language is:
>> 
>> " Client responses are a GS2 [RFC5801] header followed by a
>> key/value pair sequence, or may be empty. The gs2-header is
>> defined here for compatibility with GS2 if a GS2 mechanism is
>> formally defined, but this document does not
> 
> s/formally/eventually/ ?
> 
>> define one. These key/value pairs carry the equivalent values
>> from an HTTP context in order to be able to complete an OAuth
>> style HTTP authorization. Unknown key/value pairs MUST be ignored
>> by the server. The ABNF [RFC5234] syntax is:
>> 
>> 
>> kvsep          = %x01
>> key            = 1*(ALPHA / ",")
>> value          = *(VCHAR / SP / HTAB / CR / LF )
>> kvpair         = key "=" value kvsep
>> ;;gs2-header   = See RFC 5801
>> client_resp    = (gs2-header kvsep 0*kvpair kvsep) / kvsep
>> 
>> The GS2 header MUST inclde the user name asociated with the
>> resource being accessed, the "authzid"."
> 
> Hmm, MUST?  SASL allows the app to not use an authzid if it
> doesn't want to.  I understand that Google's OAuth use case
> requires an authzid, but it's not obvious to me that all OAuth use
> cases will.
> 
> + the two typos Ryan noticed.
> 

I had the same pause as Nico.  The implementation I was looking into
did not require such information.


-- 
- m&m

Matt Miller < mamille2@cisco.com >
Cisco Systems, Inc.
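The client_resp grammar quoted above, with the gs2-header taken from RFC 5801, as a small server-side parser. This is an added example, not code from the thread or from any SASL implementation; the sample responses and the require_authzid switch (which models the proposed MUST against SASL's optional authzid that Nico raises) are constructed for this illustration.

```python
import re

KVSEP = "\x01"

# kvpair grammar as quoted in the thread:
#   key = 1*(ALPHA / ","), value = *(VCHAR / SP / HTAB / CR / LF)
_KEY = re.compile(r"[A-Za-z,]+\Z")
_VALUE = re.compile(r"[\x21-\x7e \t\r\n]*\Z")
# gs2-header per RFC 5801: gs2-cb-flag "," [gs2-authzid] ","  with gs2-authzid = "a=" saslname
# (the optional gs2-nonstd-flag "F," prefix is left out here for brevity)
_GS2 = re.compile(r"(?P<cb>n|y|p=[A-Za-z0-9.\-]+),(?:a=(?P<authzid>[^,]+))?,\Z")


def _unescape_saslname(name):
    # RFC 5801 saslname escaping: "," is sent as "=2C", "=" as "=3D"
    return name.replace("=2C", ",").replace("=3D", "=")


def parse_client_resp(resp, require_authzid=False):
    """Parse client_resp = (gs2-header kvsep 0*kvpair kvsep) / kvsep.

    Returns None for the empty response (a lone kvsep); otherwise a dict with
    'cb_flag', 'authzid' (None when the gs2-header carries none) and 'kv'.
    Raises ValueError on malformed input, or when require_authzid is set and
    the header has no authzid (the MUST in the proposed text)."""
    if resp == KVSEP:
        return None
    parts = resp.split(KVSEP)
    # header, zero or more kvpairs, then the closing kvsep leaves two empty tails
    if len(parts) < 3 or parts[-1] != "" or parts[-2] != "":
        raise ValueError("response must end with kvsep kvsep")
    m = _GS2.match(parts[0])
    if m is None:
        raise ValueError("malformed gs2-header: %r" % parts[0])
    authzid = _unescape_saslname(m.group("authzid")) if m.group("authzid") else None
    if require_authzid and authzid is None:
        raise ValueError("authzid required by policy but absent from gs2-header")
    kv = {}
    for pair in parts[1:-2]:
        key, sep, value = pair.partition("=")  # values may themselves contain "="
        if not sep or not _KEY.match(key) or not _VALUE.match(value):
            raise ValueError("malformed kvpair: %r" % pair)
        kv[key] = value  # unknown keys are kept here; the server MUST ignore those it does not use
    return {"cb_flag": m.group("cb"), "authzid": authzid, "kv": kv}


if __name__ == "__main__":
    # constructed sample responses, not taken from the thread
    with_authzid = "n,a=user=2Cone@example.com,\x01host=imap.example.com\x01auth=Bearer tok.123\x01\x01"
    no_authzid = "n,,\x01auth=Bearer tok.123\x01\x01"
    print(parse_client_resp(with_authzid))
    print(parse_client_resp(no_authzid))  # accepted under SASL's optional authzid
    try:
        parse_client_resp(no_authzid, require_authzid=True)
    except ValueError as e:
        print("rejected:", e)  # what the proposed MUST would demand
```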