Re: [kitten] Pending draft 15 Re: sasl-oauth "user" as a kvpair or in the gs2 header?

Bill Mills <wmills_92105@yahoo.com> Mon, 17 March 2014 17:19 UTC

Message-ID: <1395076749.76185.YahooMailNeo@web142806.mail.bf1.yahoo.com>
Date: Mon, 17 Mar 2014 10:19:09 -0700
From: Bill Mills <wmills_92105@yahoo.com>
To: Ryan Troll <rtroll@googlers.com>
In-Reply-To: <CAPe4CjrQK+6EFyNCuj5t9OknLOMacH=XiW1Aq6R1nf9Vy2d=5Q@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/D-XxlB5HuVNh3g3H2KgiAi6psEU
Cc: "kitten@ietf.org" <kitten@ietf.org>, Bill Mills <wmills@yahoo-inc.com>, Sam Hartman <hartmans-ietf@mit.edu>
Subject: Re: [kitten] Pending draft 15 Re: sasl-oauth "user" as a kvpair or in the gs2 header?

Fixed. Thanks.



On Monday, March 17, 2014 10:14 AM, Ryan Troll <rtroll@googlers.com> wrote:
 
Seems reasonable.

The last sentence contains two typos.

-R



On Fri, Mar 14, 2014 at 2:52 PM, Bill Mills <wmills_92105@yahoo.com> wrote:

>Quoting here, in the hope that it piques someone's interest.  New proposed language is:
>
>
>" Client responses are a GS2 [RFC5801] header followed by a key/value pair sequence, or may be empty. The gs2-header is defined here for compatibility with GS2 if a GS2 mechanism is formally defined, but this document does not define one. These key/value pairs carry the equivalent values from an HTTP context in order to be able to complete an OAuth style HTTP authorization. Unknown key/value pairs MUST be ignored by the server. The ABNF [RFC5234] syntax is:
>kvsep          = %x01
>key            = 1*(ALPHA / ",")
>value          = *(VCHAR / SP / HTAB / CR / LF )
>kvpair         = key "=" value kvsep
>;;gs2-header     = See RFC 5801
>client_resp    = (gs2-header kvsep 0*kvpair kvsep) / kvsep
>The GS2 header MUST inclde the user name asociated with the resource being accessed, the "authzid"."
>
>
>Hoping to wrap this up soon.
>
>
>Thanks,
>
>
>-bill
>
>
>
>
>
>On Wednesday, March 12, 2014 11:56 AM, Bill Mills <wmills_92105@yahoo.com> wrote:
> 
>Please take a look at the attached, specifically 3.1, and see if it captures what's been discussed.
>
>
>Thanks,
>
>
>-bill
>
>
>
>On Thursday, March 6, 2014 3:38 PM, Ryan Troll <rtroll@googlers.com> wrote:
> 
>Apologies for the delay in responding.
>
>
>I understand this was discussed in today's meeting; and we're going to have a follow-up to discuss further - very reasonable.
>
>
>To answer Bill's original question: user= or a= --> Either works for us.  If one has better implications than the other, we'll use it.
>
>
>-R
>
>
>
>
>
>On Tue, Mar 4, 2014 at 7:55 AM, Bill Mills <wmills@yahoo-inc.com> wrote:
>
>
>>
>>It is not used as a SASL identity.  Quoting from -03 and -14 in progress:
>>
>>"user (REQUIRED):
>>
>>
>>Contains the user name being authenticated.  The server MAY use this as a routing or database lookup hint.  The server MUST NOT use this as authoritative, the user name MUST be asserted by the OAuth credential."
>> 
>>Also, looking at the Google API docs for XOAUTH2, they implemented based on the -03 spec and have the "user=$username" syntax.  See https://developers.google.com/gmail/xoauth2_protocol 
>>
>>Based on Google's server API and the extant clients they have I'd like to ask for a consensus call on the following:
>>
>>1) Add the -03 "user" kvpair back into the spec.
>>
>>a) YES or b) NO.  
>>
>>2) Should we include a GS2 header?
>>
>>a) No, let's wait for the GS2 update that deals with things that lack mutual auth and then write a spec that defines a GS2 header for SASL+OAUTH.
>>
>>b) Change the definition of "key" in kvpair to 1*(ALPHA / ",").  This makes a GS2 header followed by a ^A (i.e. "n,a=user@example.com^A") a valid kvpair which would be ignored by servers that don't understand it.
>>
>>c) Define a stub OPTIONAL GS2 header explicitly.
>>
>>d) Include a fully defined GS2 header (language from draft -10).
>>
>>
>>My own feedback is 1: YES, 2: a or b.
>>
>>
>>-bill
>>
>>
>>
>>--------------------------------
>>William J. Mills
>>"Paranoid" MUX Yahoo!
>>
>>
>>
>>
>>
>>
>>On Tuesday, March 4, 2014 12:06 AM, Sam Hartman <hartmans-ietf@mit.edu> wrote:
>> 
>>Let's discuss Thursday.
>>I'd like to understand what the user= value signifies and whether it's
>>actually a SASL authorization identifier.
>>
>>I'd like to understand whether there's value in an unprotected SASL
>>authorization identifier.
>>
>>
>>
>>
>>
>>
>>_______________________________________________
>>Kitten mailing list
>>Kitten@ietf.org
>>https://www.ietf.org/mailman/listinfo/kitten
>>
>>
>
>
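The client_resp grammar quoted in the thread, worked as a small parser. This is an added example, not code from the draft or from any participant; it assumes the gs2-header form of RFC 5801 (nonstd-flag omitted), treats the authzid as required per the proposed wording, and the host, port and token in the sample are constructed.

```python
import re

KVSEP = "\x01"
# kvpair = key "=" value   key = 1*(ALPHA / ",")   value = *(VCHAR / SP / HTAB / CR / LF)
KVPAIR_RE = re.compile(r"^([A-Za-z,]+)=([\x21-\x7e \t\r\n]*)$")
# gs2-header (RFC 5801): cb-flag "," [ "a=" saslname ] ","   (nonstd-flag omitted here)
GS2_RE = re.compile(r"^(n|y|p=[A-Za-z0-9.-]+),(?:a=([^,]*))?,$")

# Constructed sample: GS2 header with authzid, three kvpairs, terminating kvsep.
SAMPLE = ("n,a=user@example.com,\x01host=server.example.com\x01port=143"
          "\x01auth=Bearer CONSTRUCTED_TOKEN\x01\x01")


def unescape_saslname(name):
    """RFC 5801 saslname escapes ',' as '=2C' and '=' as '=3D'."""
    return name.replace("=2C", ",").replace("=3D", "=")


def parse_client_resp(resp):
    """Return {'cb_flag', 'authzid', 'kv'} or raise ValueError when malformed."""
    if resp == KVSEP:                       # the bare-kvsep (empty) alternative
        return {"cb_flag": None, "authzid": None, "kv": {}}
    parts = resp.split(KVSEP)               # kvsep never occurs inside key or value
    # gs2-header kvsep 0*kvpair kvsep: a well-formed split ends in two empty strings
    if len(parts) < 3 or parts[-2:] != ["", ""]:
        raise ValueError("missing terminating kvsep")
    m = GS2_RE.match(parts[0])
    if not m:
        raise ValueError("bad gs2-header: %r" % parts[0])
    if m.group(2) is None:                  # proposed text: header MUST carry the authzid
        raise ValueError("gs2-header lacks a=authzid")
    kv = {}
    for pair in parts[1:-2]:
        pm = KVPAIR_RE.match(pair)
        if not pm:
            raise ValueError("bad kvpair: %r" % pair)
        kv[pm.group(1)] = pm.group(2)       # unknown keys are kept; the caller ignores them
    return {"cb_flag": m.group(1), "authzid": unescape_saslname(m.group(2)), "kv": kv}


def legacy_view(resp):
    """Option 2b from the thread: with key = 1*(ALPHA / ","), a server that knows
    nothing about GS2 reads 'n,a=user@example.com,' + kvsep as one kvpair with the
    unknown key 'n,a' and ignores it.  A header without a= (e.g. 'n,,') has no '='
    and is not a kvpair, so that option only works when a= is present."""
    pm = KVPAIR_RE.match(resp.split(KVSEP)[0])
    return (pm.group(1), pm.group(2)) if pm else None
```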