Re: [kitten] SASL OAuth: Next Steps

William Mills <wmills@yahoo-inc.com> Mon, 12 March 2012 01:02 UTC

From: William Mills <wmills@yahoo-inc.com>
To: Florian Zeitz <florob@babelmonkeys.de>, "kitten@ietf.org" <kitten@ietf.org>
Date: Sun, 11 Mar 2012 18:02:02 -0700
Subject: Re: [kitten] SASL OAuth: Next Steps
Message-ID: <1331514122.47869.YahooMailNeo@web31806.mail.mud.yahoo.com>
In-Reply-To: <4F5D3CCB.3070102@babelmonkeys.de>

First, lemme say I'm happy to have active discussion on this!  More inline...


>________________________________
> From: Florian Zeitz <florob@babelmonkeys.de>
>To: kitten@ietf.org 
>Sent: Sunday, March 11, 2012 5:01 PM
>Subject: Re: [kitten] SASL OAuth: Next Steps

<snip />


>Nom, tasty TOFU.
>
>Hi,
>
>I have a question/suggestion concerning this.
>I'm admittedly somewhat reluctant to ask at this point, because I have
>not found time to read enough of the OAuth RFCs to get the full picture,
>but please bear with me.
>
>It seems we have a relatively well defined list of necessary
>information. If this is put into JSON it appears to me that this JSON,
>except for ordering of entries will not be particularly flexible.
>Is there a compelling reason not to go back to a good old comma
>separated key value pair list at that point?

It's well defined for the current token profiles, yes, but what about for
extensions and new auth profiles?  I wanted to avoid having to write in a
mapping per OAuth auth profile from the data in band to how it's used in
authentication.



>
>The reason I ask is that having either a HTTP or a JSON parser (even a
>limited one) just for a SASL mechanism seems like enormous over
>engineering to me.


On the server side it's probably more work, but on the client you have to do HTTP and JSON anyway.


>This particularly struck me when people were discussing token based
>authentication at the last XMPP Summit. People were suggesting we might
>be able to reuse SASL OAuth for this under the assumption that it would
>just amount to sending a single token string over the wire.
>I find it somewhat irritating that at this point in time it is very
>significantly more complex than that.


The simplest token case, Bearer, could work this way.  I don't think anything else does.


We might be able to do it differently, but I was using this also as proposal for how to do OAuth 2 discovery.  Will XMPP want auth endpoint discovery?


-bill



>
>Regards,
>Florian Zeitz
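As an added example, not code from this thread or from the draft it discusses: the key/value list Florian proposes is essentially what the mechanism was later published with in RFC 7628 (OAUTHBEARER), using the 0x01 byte rather than a comma as separator and keeping JSON only for the server's error/discovery response. The parser and response builder below follow that RFC's layout; the host, port, authzid and token values are constructed samples.

```python
import json

KVSEP = "\x01"  # RFC 7628 kvsep: pairs are delimited by 0x01, not commas


def parse_client_response(resp: str) -> dict:
    """Parse an OAUTHBEARER initial client response (RFC 7628, section 3.1).

    Layout: gs2-header kvsep *(key "=" value kvsep) kvsep, or a lone kvsep,
    which is the client's acknowledgement of a server error, not a login.
    Raises ValueError on anything malformed so the server never guesses.
    """
    if resp == KVSEP:
        return {"error_ack": True}
    head, sep, body = resp.partition(KVSEP)
    # gs2-header (RFC 5801), no channel binding: "n," + optional "a=<authzid>" + ","
    if not sep or not head.startswith("n,") or not head.endswith(","):
        raise ValueError("bad gs2-header")
    authz = head[2:-1]
    if authz and not authz.startswith("a="):
        raise ValueError("bad authzid field")
    if not body.endswith(KVSEP):
        raise ValueError("missing terminating kvsep")
    items = body[:-1].split(KVSEP)  # each kvpair ends with kvsep, so the last item is ""
    if items[-1] != "":
        raise ValueError("kvpair not terminated by kvsep")
    kv = {}
    for pair in items[:-1]:
        key, eq, value = pair.partition("=")
        if not eq or not key.isalpha():
            raise ValueError(f"malformed kvpair: {pair!r}")
        if key in kv:
            raise ValueError(f"duplicate key: {key}")  # reject ambiguity, don't pick one
        kv[key] = value
    if "auth" not in kv:
        raise ValueError("auth kvpair is required")
    scheme, _, credentials = kv["auth"].partition(" ")  # e.g. "Bearer <token>"
    return {"authzid": authz[2:] or None, "kv": kv,
            "scheme": scheme, "credentials": credentials}


def server_error_response(status: str, scope: str = "", discovery_url: str = "") -> str:
    """JSON the server sends back when it rejects the token (RFC 7628, section 3.2.2)."""
    body = {"status": status}  # only "status" is mandatory
    if scope:
        body["scope"] = scope
    if discovery_url:
        body["openid-configuration"] = discovery_url
    return json.dumps(body)


# Constructed sample (placeholder token), as an IMAP client would send it.
SAMPLE = ("n,a=user@example.com," + KVSEP + "host=imap.example.com" + KVSEP
          + "port=143" + KVSEP + "auth=Bearer example-token-value" + KVSEP + KVSEP)
```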