[kitten] proposed softer revision to 3.2.2 Re: I-D Action: draft-ietf-kitten-sasl-oauth-16.txt

Bill Mills <wmills_92105@yahoo.com> Thu, 16 October 2014 19:13 UTC

Date: Thu, 16 Oct 2014 19:12:23 +0000
From: Bill Mills <wmills_92105@yahoo.com>
To: Bill Mills <wmills_92105@yahoo.com>, Torsten Lodderstedt <torsten@lodderstedt.net>, "Kitten@ietf.org" <Kitten@ietf.org>
Message-ID: <346516680.91005.1413486743123.JavaMail.yahoo@jws10661.mail.bf1.yahoo.com>
In-Reply-To: <1150607927.180478.1413398863008.JavaMail.yahoo@jws10636.mail.bf1.yahoo.com>
References: <1150607927.180478.1413398863008.JavaMail.yahoo@jws10636.mail.bf1.yahoo.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/BY4Dz9m9uqLIinZkjmEwxHfI3q4
Cc: "tjs@psaux.com" <tjs@psaux.com>
Subject: [kitten] proposed softer revision to 3.2.2 Re: I-D Action: draft-ietf-kitten-sasl-oauth-16.txt

Based on the discussion here I've put together softer language that gives the right guidance but doesn't make major normative changes in the draft.

Section 1 Introduction -- second to last paragraph:
Again, steps (E) and (F) are not defined in [RFC6749] (but are described in, for example, [RFC6750] for the OAuth Bearer Token instead) and are the main functionality specified within this document. Consequently, the message exchange shown in Figure 1 is the result of this specification. The client will generally need to determine the authentication endpoints (and perhaps the service endpoints) before the OAuth 2.0 protocol exchange messages in steps (A)-(D) are executed. The discovery of the resource owner, authorization server endpoints, and client registration are outside the scope of this specification. The client must discover the authorization endpoints using a discovery mechanism such as OpenID Connect Discovery [OpenID.Discovery] or WebFinger using host-meta [RFC7033]. Once credentials are obtained the client proceeds to steps (E) and (F) defined in this specification. Authorization endpoints MAY require client registration and generic clients SHOULD support the Dynamic Client Registration protocol [I-D.ietf-oauth-dyn-reg].
(Note: I struck "In band discovery is not tenable if clients support the OAuth 2.0 password grant.")


Section 3.2.2 In the "oauth-configuration (OPTIONAL):" bullet add:
(appended to/after the first paragraph)
The returned discovery document SHOULD have all data elements required by the OpenID Connect Discovery specification populated. In addition, the discovery document SHOULD contain the 'registration_endpoint' element to learn about the endpoint to be used with the Dynamic Client Registration protocol [I-D.ietf-oauth-dyn-reg] to obtain the minimum number of parameters necessary for the OAuth protocol exchange to function. Another comparable discovery or client registration mechanism MAY be used if available.
The use of the 'offline_access' scope, as defined in [OpenID.Core], is RECOMMENDED to give clients the capability to explicitly request a refresh token.

(At the end of this bullet)
Since clients may interact with a number of application servers, such as email servers and XMPP servers, they need to have a way to determine whether dynamic client registration has been performed already and whether an already available refresh token can be re-used to obtain an access token for the desired resource server. This specification RECOMMENDs that a client uses the information in the 'issue' element to make this determination.

On Wednesday, October 15, 2014 11:47 AM, Bill Mills <wmills_92105@yahoo.com> wrote:

I think that wants to be a draft that's more general to OpenID and OAuth. Agreed it's a good thing.
_______________________________________________
Kitten mailing list
Kitten@ietf.org
https://www.ietf.org/mailman/listinfo/kitten
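The proposed 3.2.2 text above describes what a client should do with the discovery document it fetches via the 'oauth-configuration' element: check that the elements OpenID Connect Discovery requires are present, look for 'registration_endpoint', ask for 'offline_access' so a refresh token is issued, and decide per authorization server whether a registration and refresh token already exist. The following is an added example of that client-side logic, written for this page; it is not code from the draft or from any implementation of it. The discovery document is constructed sample data, the cache layout is illustrative, and the example assumes that the 'issue' element in the proposed text refers to the discovery document's 'issuer' value.

```python
"""Client-side handling of an OAuth/OpenID Connect discovery document, as the
proposed 3.2.2 text describes. Added example; not from the draft.

Assumptions (not from the draft): the discovery document below is constructed
sample data, the cache dict layout is illustrative, and the proposed 'issue'
element is taken to mean the discovery document's 'issuer' value.
"""
import json
from urllib.parse import urlencode, urlsplit

# Elements REQUIRED by OpenID Connect Discovery 1.0, section 3 (token_endpoint
# is required unless only the implicit flow is used; a SASL client needs it).
REQUIRED_DISCOVERY_FIELDS = (
    "issuer",
    "authorization_endpoint",
    "token_endpoint",
    "jwks_uri",
    "response_types_supported",
    "subject_types_supported",
    "id_token_signing_alg_values_supported",
)

# Constructed sample: a discovery document fetched from the URL a server
# names in its 'oauth-configuration' element. Hostnames are made up.
SAMPLE_DISCOVERY_JSON = json.dumps({
    "issuer": "https://login.example.com",
    "authorization_endpoint": "https://login.example.com/oauth2/authorize",
    "token_endpoint": "https://login.example.com/oauth2/token",
    "jwks_uri": "https://login.example.com/oauth2/keys",
    "registration_endpoint": "https://login.example.com/oauth2/register",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
    "scopes_supported": ["openid", "offline_access", "mail"],
})


def validate_discovery(doc_json):
    """Parse a discovery document and return (doc, problems).

    problems is a list of strings; an empty list means every element the
    proposed text says SHOULD be present is there and the issuer is an https
    URL without query or fragment (a check worth doing before trusting it).
    """
    doc = json.loads(doc_json)
    problems = [f"missing required element '{f}'"
                for f in REQUIRED_DISCOVERY_FIELDS if f not in doc]
    if "registration_endpoint" not in doc:
        problems.append("missing 'registration_endpoint' (no Dynamic Client Registration)")
    parts = urlsplit(doc.get("issuer", ""))
    if parts.scheme != "https" or parts.query or parts.fragment:
        problems.append("issuer must be an https URL with no query or fragment")
    return doc, problems


def registration_key(doc):
    """Key under which the client caches its registration and refresh token.

    Keying on the issuer (assumed meaning of the proposed 'issue' element) lets
    one registration and one refresh token serve every resource server (mail,
    XMPP, ...) that points at the same authorization server.
    """
    return doc["issuer"]


def needs_registration(doc, cache):
    """True when no dynamic registration is cached for this issuer."""
    return registration_key(doc) not in cache


def reusable_refresh_token(doc, cache):
    """Return a cached refresh token for this issuer, or None if there is none."""
    return cache.get(registration_key(doc), {}).get("refresh_token")


def authorization_request_url(doc, client_id, redirect_uri, state, scopes=("mail",)):
    """Build the authorization request, adding 'offline_access' so a refresh
    token is issued alongside the access token."""
    scope_list = list(scopes)
    if "offline_access" not in scope_list:
        scope_list.append("offline_access")
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scope_list),
        "state": state,
    }
    return doc["authorization_endpoint"] + "?" + urlencode(params)


if __name__ == "__main__":
    doc, problems = validate_discovery(SAMPLE_DISCOVERY_JSON)
    cache = {}  # first run: nothing registered yet
    print("problems:", problems)
    print("needs registration:", needs_registration(doc, cache))
    # After registering and completing one authorization flow (values made up):
    cache[registration_key(doc)] = {"client_id": "abc123", "refresh_token": "rt-1"}
    print("reusable refresh token:", reusable_refresh_token(doc, cache))
    print(authorization_request_url(doc, "abc123", "http://127.0.0.1:8080/cb", "s1"))
```

A second application server whose discovery document carries the same issuer hits the cache, so the client skips registration and exchanges the cached refresh token at the token endpoint instead of starting a new authorization flow; a different issuer misses the cache and goes through registration and authorization again.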