Re: [kitten] Pending draft 15 Re: sasl-oauth "user" as a kvpair or in the gs2 header?
Bill Mills <wmills@yahoo-inc.com> Mon, 17 March 2014 21:13 UTC
Message-ID: <1395090782.52393.YahooMailNeo@web125604.mail.ne1.yahoo.com>
Date: Mon, 17 Mar 2014 14:13:02 -0700
From: Bill Mills <wmills@yahoo-inc.com>
To: Matt Miller <mamille2@cisco.com>, Nico Williams <nico@cryptonector.com>, Bill Mills <wmills_92105@yahoo.com>
In-Reply-To: <53275BC1.50808@cisco.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/CpcNFA_iADEHyFydin5pIu67Izs
Cc: "kitten@ietf.org" <kitten@ietf.org>, Sam Hartman <hartmans-ietf@mit.edu>
OK, so given Google's extant implementation, if we change it to SHOULD the MUST is implicit and the de facto standard anyway if you want it to work with Google.

I'd rather have the standard explicitly document what is working now, but I can make the change easily.

-bill

--------------------------------
William J. Mills
"Paranoid"
MUX
Yahoo!

On Monday, March 17, 2014 1:32 PM, Matt Miller <mamille2@cisco.com> wrote:

On 3/17/14, 2:13 PM, Nico Williams wrote:
> On Fri, Mar 14, 2014 at 4:52 PM, Bill Mills
> <wmills_92105@yahoo.com> wrote:
>> Quoting here, in the hope that it piques someone's interest. New
>> proposed language is:
>>
>> " Client responses are a GS2 [RFC5801] header followed by a
>> key/value pair sequence, or may be empty. The gs2-header is
>> defined here for compatibility with GS2 if a GS2 mechanism is
>> formally defined, but this document does not
>
> s/formally/eventually/ ?
>
>> define one. These key/value pairs carry the equivalent values
>> from an HTTP context in order to be able to complete an OAuth
>> style HTTP authorization. Unknown key/value pairs MUST be ignored
>> by the server. The ABNF [RFC5234] syntax is:
>>
>>   kvsep          = %x01
>>   key            = 1*(ALPHA / ",")
>>   value          = *(VCHAR / SP / HTAB / CR / LF )
>>   kvpair         = key "=" value kvsep
>>   ;;gs2-header   = See RFC 5801
>>   client_resp    = (gs2-header kvsep 0*kvpair kvsep) / kvsep
>>
>> The GS2 header MUST inclde the user name asociated with the
>> resource being accessed, the "authzid"."
>
> Hmm, MUST? SASL allows the app to not use an authzid if it
> doesn't want to. I understand that Google's OAuth use case
> requires an authzid, but it's not obvious to me that all OAuth use
> cases will.
>
> + the two typos Ryan noticed.
>

I had the same pause as Nico. The implementation I was looking into did not require such information.

--
- m&m

Matt Miller <mamille2@cisco.com>
Cisco Systems, Inc.
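The client_resp grammar quoted in the thread, parsed in Python as an added example; this is not code from the draft, from Google's implementation, or from anyone on the list. It follows the ABNF exactly as quoted (including the key charset of ALPHA / ","), decodes the gs2-header and its saslname escaping per RFC 5801, and accepts the empty-response alternative. The sample response bytes, the require_authzid switch (True for the draft's MUST, False for the SHOULD Nico and Matt argue for), the rejection of the "F," non-standard flag and the rejection of duplicate keys are my own assumptions, not something the draft text specifies.

```python
import re
from typing import Dict, Optional

KVSEP = "\x01"

# Character classes from the ABNF quoted in the thread (draft wording):
#   key   = 1*(ALPHA / ",")
#   value = *(VCHAR / SP / HTAB / CR / LF)
KEY_RE = re.compile(r"\A[A-Za-z,]+\Z")
VALUE_RE = re.compile(r"\A[\x21-\x7e \t\r\n]*\Z")

# Constructed sample (not from the draft): a response carrying an authzid
# plus the host/port/auth pairs an HTTP-style authorization needs.
SAMPLE_RESP = (
    b"n,a=user@example.com,\x01"
    b"host=server.example.com\x01"
    b"port=143\x01"
    b"auth=Bearer dGhpcy1pcy1ub3QtYS1yZWFsLXRva2Vu\x01"
    b"\x01"
)


class ClientRespError(ValueError):
    """The client response does not match the grammar."""


def _decode_saslname(name: str) -> str:
    """Undo RFC 5801 saslname escaping: '=2C' -> ',' and '=3D' -> '='."""
    out = []
    i = 0
    while i < len(name):
        ch = name[i]
        if ch == ",":
            raise ClientRespError("unescaped ',' in saslname")
        if ch == "=":
            esc = name[i:i + 3].upper()
            if esc == "=2C":
                out.append(",")
            elif esc == "=3D":
                out.append("=")
            else:
                raise ClientRespError("bad escape in saslname: %r" % esc)
            i += 3
            continue
        out.append(ch)
        i += 1
    if not out:
        raise ClientRespError("empty saslname")
    return "".join(out)


def parse_gs2_header(header: str) -> Dict[str, Optional[str]]:
    """Parse 'gs2-cb-flag "," [gs2-authzid] ","' (RFC 5801).

    Assumption: the optional leading 'F,' (gs2-nonstd-flag) is rejected,
    since the draft defines no GSS-API form of this mechanism.
    """
    parts = header.split(",")
    if len(parts) != 3 or parts[2] != "":
        raise ClientRespError("gs2-header must be 'cb-flag,[a=authzid],'")
    cb, authz = parts[0], parts[1]
    cb_name = None
    if cb in ("n", "y"):
        pass
    elif cb.startswith("p=") and len(cb) > 2:
        cb_name = cb[2:]  # channel-binding type, e.g. tls-unique
    else:
        raise ClientRespError("bad gs2-cb-flag: %r" % cb)
    authzid = None
    if authz:
        if not authz.startswith("a="):
            raise ClientRespError("bad gs2-authzid: %r" % authz)
        authzid = _decode_saslname(authz[2:])
    return {"cb_flag": cb[0], "cb_name": cb_name, "authzid": authzid}


def parse_client_resp(raw: bytes, require_authzid: bool = False) -> dict:
    """Parse client_resp = (gs2-header kvsep 0*kvpair kvsep) / kvsep.

    require_authzid=True enforces the draft's MUST; False is the SHOULD
    discussed in the thread, under which the authzid may be absent.
    """
    text = raw.decode("utf-8")
    if text == KVSEP:  # the empty-response alternative
        return {"empty": True, "cb_flag": None, "cb_name": None,
                "authzid": None, "fields": {}}
    if not text.endswith(KVSEP * 2):
        raise ClientRespError("client_resp must end with two kvsep octets")
    # Dropping the final kvsep leaves "gs2-header<kvsep>k=v<kvsep>...",
    # which splits into [gs2-header, "k=v", ..., ""].
    segments = text[:-1].split(KVSEP)
    result = parse_gs2_header(segments[0])
    fields: Dict[str, str] = {}
    for pair in segments[1:-1]:
        key, sep, value = pair.partition("=")
        if not sep or not KEY_RE.match(key) or not VALUE_RE.match(value):
            raise ClientRespError("malformed kvpair: %r" % pair)
        if key in fields:
            # Assumption, not in the draft: a repeated key is an error.
            raise ClientRespError("duplicate key: %r" % key)
        # Unknown keys are kept; the draft says the server MUST ignore them,
        # which a caller does by reading only the keys it understands.
        fields[key] = value
    if require_authzid and result["authzid"] is None:
        raise ClientRespError("gs2-header carries no authzid")
    result["empty"] = False
    result["fields"] = fields
    return result


if __name__ == "__main__":
    print(parse_client_resp(SAMPLE_RESP))
```

The two-kvsep terminator check is what distinguishes a complete response from a truncated one: every kvpair ends in its own kvsep, and the grammar adds one more after the last pair, so a well-formed non-empty response always ends in %x01 %x01. A server that wants the draft's MUST behaviour passes require_authzid=True; one that follows the SHOULD reading leaves it False and falls back to the authenticated identity when the gs2-header carries no "a=" field.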