Re: [kitten] Pending draft 15 Re: sasl-oauth "user" as a kvpair or in the gs2 header?

Matt Miller <mamille2@cisco.com> Tue, 18 March 2014 20:03 UTC

Return-Path: <mamille2@cisco.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7C5811A0296 for <kitten@ietfa.amsl.com>; Tue, 18 Mar 2014 13:03:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.027
X-Spam-Level:
X-Spam-Status: No, score=-9.027 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MISSING_HEADERS=1.021, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oldhnjGt3-GT for <kitten@ietfa.amsl.com>; Tue, 18 Mar 2014 13:03:25 -0700 (PDT)
Received: from alln-iport-5.cisco.com (alln-iport-5.cisco.com [173.37.142.92]) by ietfa.amsl.com (Postfix) with ESMTP id BF3111A02FB for <kitten@ietf.org>; Tue, 18 Mar 2014 13:03:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2409; q=dns/txt; s=iport; t=1395172997; x=1396382597; h=message-id:date:from:mime-version:cc:subject:references: in-reply-to:content-transfer-encoding; bh=dT33PpLFqfv3fXQKAEbcwGvmLxTuE035teKw4chR/jg=; b=etn22aZdSNgtBmaPBumK32GncqkSt/vlGRLF1DYrvU1x1QNVQOomHUQ7 5fj4cWLwUn9p39emg51L1AcEEiFF+23zeCmbwdbJkO/ipT5Zaiqbhp5mq OpZ4NK16JNo6EF7xQETe0qqXuY3opN/TrIwK53py5RgcYB8X6eHsbhDoa U=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ArIbAEOmKFOtJXG9/2dsb2JhbABagwY7V6kRBIIklmolgQgWdIIdCAEBAQR4ARALGAkMAwcIBwkDAgECATMBERMBBQIBAYVygW8DEdAvF4xKgWUzBwoOgmaBOgEDiRo4jQ2BZ4xohUiBb4Fdggw
X-IronPort-AV: E=Sophos;i="4.97,679,1389744000"; d="scan'208";a="28442882"
Received: from rcdn-core2-2.cisco.com ([173.37.113.189]) by alln-iport-5.cisco.com with ESMTP; 18 Mar 2014 20:03:17 +0000
Received: from xhc-rcd-x05.cisco.com (xhc-rcd-x05.cisco.com [173.37.183.79]) by rcdn-core2-2.cisco.com (8.14.5/8.14.5) with ESMTP id s2IK3Hbi031876 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for <kitten@ietf.org>; Tue, 18 Mar 2014 20:03:17 GMT
Received: from MAMILLE2-M-T03K.local (64.101.72.44) by xhc-rcd-x05.cisco.com (173.37.183.79) with Microsoft SMTP Server (TLS) id 14.3.123.3; Tue, 18 Mar 2014 15:03:16 -0500
Message-ID: <5328A685.1020703@cisco.com>
Date: Tue, 18 Mar 2014 14:03:17 -0600
From: Matt Miller <mamille2@cisco.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
CC: "kitten@ietf.org" <kitten@ietf.org>
References: <1393869321.174.YahooMailNeo@web125602.mail.ne1.yahoo.com> <tslr46j2kbm.fsf@mit.edu> <1393875779.29082.YahooMailNeo@web125604.mail.ne1.yahoo.com> <tsld2i21j7u.fsf@mit.edu> <1393926562.54403.YahooMailNeo@web125603.mail.ne1.yahoo.com> <1393948558.69282.YahooMailNeo@web125602.mail.ne1.yahoo.com> <CAPe4Cjoh7n-cQAuy17MWs66wigqTQvGBVVtEJ0_3zjaSg-5JmQ@mail.gmail.com> <1394650561.77489.YahooMailNeo@web142801.mail.bf1.yahoo.com> <1394833947.5753.YahooMailNeo@web142802.mail.bf1.yahoo.com> <CAK3OfOhr0ksktckcBK5UG7OYb4-Z=QP6DXCcyArk6A3qVWK3gA@mail.gmail.com> <53275BC1.50808@cisco.com> <1395090919.78935.YahooMailNeo@web142806.mail.bf1.yahoo.com> <CAK3OfOiQeZXs4iBP2C3WyZ4y69ejA3QG2fv8ne3C99PJNRySNQ@mail.gmail.com> <1395093378.75479.YahooMailNeo@web142803.mail.bf1.yahoo.com> <CAK3OfOhzLr8TckHB6FjMohskrEd_MBq+vL6HJC0y6_TwnY210g@mail.gmail.com> <1395096345.90762.YahooMailNeo@web142803.mail.bf1.yahoo.com>
In-Reply-To: <1395096345.90762.YahooMailNeo@web142803.mail.bf1.yahoo.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Originating-IP: [64.101.72.44]
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/PFz3UglL3nUj4sBwA9a4y8Unagc
Subject: Re: [kitten] Pending draft 15 Re: sasl-oauth "user" as a kvpair or in the gs2 header?
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten/>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Mar 2014 20:03:27 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

That change works for me.

- -- 
- - m&m

Matt Miller <mamille2@cisco.com>
Cisco Systems, Inc.

On 3/17/14, 4:45 PM, Bill Mills wrote:
> Changed MUST to MAY.  Added "It is worth noting that application 
> protocols are allowed to require an authzid, as are specific
> server implementations."
> 
> 
> On Monday, March 17, 2014 3:28 PM, Nico Williams
> <nico@cryptonector.com> wrote: On Mon, Mar 17, 2014 at 4:56 PM,
> Bill Mills <wmills_92105@yahoo.com> wrote:
>> This feels like soft-selling what the implementer actually has to
>> do.  It's like how HTTP evolved to be bug-compliant with major
>> browser or server bugs.  Never actually documented but are the
>> de facto standard anyway.  Why leave a landmine like that
>> unspecified?
> 
> Because the way it works in practice is that the app has something 
> like a dialog or panel where the user is invited to "set/create an 
> account" or something like that.  The user will be invited to
> specify a server name, pick a mechanism, and for the mechanism
> selection perhaps additional inputs, and finally they'll be invited
> to specify an authzid.  Some of these account parameters are
> generic:
> 
> - a local name for whatever this "account" is
> - the server name (and port)
> - the authzid
> - the name of the mechanism
> 
> everything else is mechanism-specific (e.g., "password",
> "keystore", "principal name", ...).
> 
> The generic bits are generic.  And authzid has always been 
> application-specific.  Application protocols are allowed to require
> an authzid.  Servers are allowed to require an authzid.  Mechanisms
> are NOT allowed to require an authzid.
> 
> 
> Nico --
> 
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBCgAGBQJTKKaEAAoJEDWi+S0W7cO1IGIH/3dMfLiDSY6PVLK46Iar14m7
yDViiMOVMUGSPuuV9p2imv2CTn1hGUmz9Ca16HMZtyqncQauM0wuO86hgr2L7RAI
h1AtgGCIrepwPMeVMDUnSb+Kv7T4JEeMpszLlIOcEellIAN+dBWOby3UJUsVR822
yWWz5F/6LR/dIws9SP6wJPq2Y0xn40KDwL+20ofjOMMI3cCsEnjdCX4fSdEAOufE
LTBDyhxRK2nY7UrleWXW/flJeb5fJX2n/Mf51uSDmG0Z5h00DZhmrqA8pexwYFek
mqnDs9tY/tDuDVdDmZzhHzLmLk8a/nvR4kRRobNIisVD3HwmOGoisMCUZNMFR28=
=Zei6
-----END PGP SIGNATURE-----
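The wire format the thread is arguing over, as an added example that is not code from the draft, the list or any participant: a parser for an OAUTHBEARER-style SASL initial client response in which the authzid travels in the GS2 header (the `a=` field) rather than as a "user" kvpair, plus a policy check that keeps Nico's split, where the mechanism never demands an authzid but an application protocol or a server deployment may. It assumes the GS2 header grammar of RFC 5801 (cb-flag, optional `a=` saslname with `=2C`/`=3D` escaping) and the kvsep/kvpair framing the published OAUTHBEARER mechanism (RFC 7628) ended up with; the exact draft-15 syntax is not on this page. The sample messages, the hostnames and tokens in them, and the `app_requires`/`server_requires` knobs are constructed for illustration.

```python
"""OAUTHBEARER-style client-first parsing with the authzid in the GS2 header.
Assumed, not taken from the list thread: GS2 header per RFC 5801, kvpair
framing per RFC 7628.  All sample messages below are constructed."""
import re
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

KVSEP = "\x01"                      # RFC 7628 kvsep
_KEY_RE = re.compile(r"[A-Za-z]+")  # key = 1*ALPHA


@dataclass
class ClientFirst:
    cb_flag: str                 # "n", "y" or "p=<cb-name>" (RFC 5801); OAUTHBEARER sends "n"
    authzid: Optional[str]       # decoded "a=" value, None when the client sent none
    kv: Dict[str, str] = field(default_factory=dict)


def decode_saslname(raw: str) -> str:
    """Undo RFC 5801 saslname escaping ('=2C' -> ',', '=3D' -> '=');
    any other '=' sequence or a raw ',' means the name is malformed."""
    out, i = [], 0
    while i < len(raw):
        if raw[i] == "=":
            esc = raw[i:i + 3]
            if esc not in ("=2C", "=3D"):
                raise ValueError("bad saslname escape %r" % esc)
            out.append("," if esc == "=2C" else "=")
            i += 3
        elif raw[i] == ",":
            raise ValueError("unescaped ',' in saslname")
        else:
            out.append(raw[i])
            i += 1
    return "".join(out)


def encode_saslname(name: str) -> str:
    """Inverse of decode_saslname; '=' must be escaped before ','."""
    return name.replace("=", "=3D").replace(",", "=2C")


def parse_client_first(msg: str) -> ClientFirst:
    """client-resp = gs2-header kvsep *kvpair kvsep,
    gs2-header = cb-flag "," [ "a=" saslname ] ","  (nonstd flag not handled)."""
    parts = msg.split(",", 2)
    if len(parts) != 3:
        raise ValueError("GS2 header needs two commas")
    cb_flag, authz_field, rest = parts
    if cb_flag not in ("n", "y") and not cb_flag.startswith("p="):
        raise ValueError("bad gs2-cb-flag %r" % cb_flag)
    authzid = None
    if authz_field:
        if not authz_field.startswith("a="):
            raise ValueError("authzid field must start with 'a='")
        authzid = decode_saslname(authz_field[2:])
        if not authzid:
            raise ValueError("empty authzid")
    # kvpairs are framed as: kvsep (key=value kvsep)* kvsep
    if len(rest) < 2 or rest[0] != KVSEP or rest[-1] != KVSEP:
        raise ValueError("kvpair block not framed by kvsep")
    inner, kv = rest[1:-1], {}
    if inner:
        if not inner.endswith(KVSEP):
            raise ValueError("last kvpair missing its kvsep")
        for pair in inner[:-1].split(KVSEP):
            key, sep, value = pair.partition("=")   # values may contain '='
            if not sep or not _KEY_RE.fullmatch(key):
                raise ValueError("malformed kvpair %r" % pair)
            if key in kv:
                raise ValueError("duplicate key %r" % key)
            kv[key] = value
    return ClientFirst(cb_flag, authzid, kv)


def build_client_first(kv: Dict[str, str], authzid: Optional[str] = None,
                       cb_flag: str = "n") -> str:
    """Client side: put the authzid in the GS2 header, everything else in kvpairs."""
    authz_field = "" if authzid is None else "a=" + encode_saslname(authzid)
    pairs = "".join("%s=%s%s" % (k, v, KVSEP) for k, v in kv.items())
    return "%s,%s,%s%s%s" % (cb_flag, authz_field, KVSEP, pairs, KVSEP)


def is_malformed(msg: str) -> bool:
    """True if the mechanism layer would reject msg as syntactically invalid."""
    try:
        parse_client_first(msg)
    except ValueError:
        return True
    return False


def authzid_decision(first: ClientFirst, *, app_requires: bool = False,
                     server_requires: bool = False) -> Tuple[bool, str]:
    """Mechanism layer never demands an authzid (the draft's MUST became MAY);
    only the application protocol or the server deployment may.  Both flags
    are hypothetical policy knobs, not anything the draft defines."""
    if first.authzid is None and (app_requires or server_requires):
        layer = "application protocol" if app_requires else "server"
        return False, "authzid absent but required by " + layer
    return True, "authzid " + (repr(first.authzid) if first.authzid else "not supplied")


# Constructed samples: one with a comma in the authzid to exercise escaping.
SAMPLE_WITH_AUTHZID = build_client_first(
    {"host": "imap.example.com", "port": "143", "auth": "Bearer vF9dft4qmTc2Nvb3Rl"},
    authzid="first,last@example.com")
SAMPLE_NO_AUTHZID = "n,," + KVSEP + "host=imap.example.com" + KVSEP + "auth=Bearer tok" + KVSEP + KVSEP

if __name__ == "__main__":
    for sample in (SAMPLE_WITH_AUTHZID, SAMPLE_NO_AUTHZID):
        first = parse_client_first(sample)
        print(first, authzid_decision(first, app_requires=True))
```

Parsing and policy are deliberately separate functions: `parse_client_first` accepts a missing authzid without complaint, and the only place an absent authzid can fail the exchange is `authzid_decision`, which is where an application profile or a server operator plugs in its own requirement.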