[kitten] Pending draft 15 Re: sasl-oauth "user" as a kvpair or in the gs2 header?
Bill Mills <wmills_92105@yahoo.com> Wed, 12 March 2014 18:56 UTC
From: Bill Mills <wmills_92105@yahoo.com>
To: Ryan Troll <rtroll@googlers.com>, Bill Mills <wmills@yahoo-inc.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/CPGu0Z4r609HrD4mEvVJ3lajfrI
Cc: "kitten@ietf.org" <kitten@ietf.org>, Sam Hartman <hartmans-ietf@mit.edu>

Please take a look at the attached, specifically 3.1, and see if it captures what's been discussed.

Thanks,

-bill

On Thursday, March 6, 2014 3:38 PM, Ryan Troll <rtroll@googlers.com> wrote:

Apologies for the delay in responding.

I understand this was discussed in today's meeting; and we're going to have a follow-up to discuss further - very reasonable.

To answer Bill's original question: user= or a= --> Either works for us. If one has better implications than the other, we'll use it.

-R

On Tue, Mar 4, 2014 at 7:55 AM, Bill Mills <wmills@yahoo-inc.com> wrote:
>
>It is not used as a SASL identity. Quoting from -03 and -14 in progress:
>
>"user (REQUIRED):
>
>Contains the user name being authenticated. The server MAY use this as a routing or database lookup hint. The server MUST NOT use this as authoritative, the user name MUST be asserted by the OAuth credential."
>
>Also, looking at the Google API docs for XOAUTH2, they implemented based on the -03 spec and have the "user=$username" syntax. See https://developers.google.com/gmail/xoauth2_protocol
>
>Based on Google's server API and the extant clients they have I'd like to ask for a consensus call on the following:
>
>1) Add the -03 "user" kvpair back into the spec.
>
>a) YES or b) NO.
>
>2) Should we include a GS2 header?
>
>a) No, let's wait for the GS2 update that deals with things that lack mutual auth and then write a spec that defines a GS2 header for SASL+OAUTH.
>
>b) Change the definition of "key" in kvpair to 1*(ALPHA / ","). This makes a GS2 header followed by a ^A (i.e. "n,a=user@example.com^A") a valid kvpair which would be ignored by servers that don't understand it.
>
>c) Define a stub OPTIONAL GS2 header explicitly.
>
>d) Include a fully defined GS2 header (language from draft -10).
>
>My own feedback is 1: YES, 2: a or b.
>
>-bill
>
>--------------------------------
>William J. Mills
>"Paranoid" MUX Yahoo!
>
>On Tuesday, March 4, 2014 12:06 AM, Sam Hartman <hartmans-ietf@mit.edu> wrote:
>
>Let's discuss Thursday.
>I'd like to understand what the user= value signifies and whether it's
>actually a SASL authorization identifier.
>
>I'd like to understand whether there's value in an unprotected SASL
>authorization identifier.
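
Added example (not part of the message above, the draft, or Google's implementation): a server-side sketch of the two points under discussion, namely that "user" is only a hint while the identity comes from the OAuth credential, and that under option (b) a key of 1*(ALPHA / ",") lets a GS2-style "n,a=..." pair parse as an ordinary kvpair that is then ignored. The "auth=Bearer <token>" pair, the trailing ^A^A terminator, the function names and the token table are assumptions made for this illustration.

```python
import re

SEP = "\x01"                           # the ^A separator between kvpairs
KEY_RE = re.compile(r"[A-Za-z,]+\Z")   # option (b): key = 1*(ALPHA / ",")

# Constructed stand-in for real OAuth token validation; maps token -> subject.
TOKEN_SUBJECTS = {"tok-alice": "alice@example.com"}


def parse_kvpairs(msg):
    """Parse 'k=v^Ak=v^A^A' into a dict, rejecting malformed or repeated keys."""
    if not msg.endswith(SEP + SEP):
        raise ValueError("response must end with ^A^A")
    pairs = {}
    for item in msg[:-2].split(SEP):
        key, eq, value = item.partition("=")   # split on the first '=' only
        if not eq or not KEY_RE.match(key) or key in pairs:
            raise ValueError("malformed or duplicate kvpair: %r" % item)
        pairs[key] = value
    return pairs


def authenticate(msg):
    """Return the identity asserted by the token, or None if rejected."""
    pairs = parse_kvpairs(msg)
    scheme, _, token = pairs.get("auth", "").partition(" ")
    if scheme.lower() != "bearer" or token not in TOKEN_SUBJECTS:
        return None
    subject = TOKEN_SUBJECTS[token]    # authoritative: comes from the credential
    hint = pairs.get("user")           # non-authoritative routing/lookup hint
    # Policy choice of this example: a hint that disagrees with the token is
    # refused rather than silently overridden. Unknown keys such as "n,a"
    # are parsed but never consulted.
    if hint is not None and hint != subject:
        return None
    return subject


if __name__ == "__main__":
    for sample in ("user=alice@example.com\x01auth=Bearer tok-alice\x01\x01",
                   "user=bob@example.com\x01auth=Bearer tok-alice\x01\x01",
                   "n,a=bob@example.com\x01auth=Bearer tok-alice\x01\x01"):
        print(repr(sample), "->", authenticate(sample))
```

In the third sample the "n,a" value names a different user than the token does, and the result is still the token's subject, because that key is never treated as an identity.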