Re: [kitten] WGLC on draft-ietf-kitten-sasl-oauth-12

Bill Mills <wmills@yahoo-inc.com> Tue, 07 January 2014 00:25 UTC

References: <52AE9A65.1010700@oracle.com> <C2752600-AC7C-4839-8BD0-3D850ECB19EB@cisco.com> <CAPe4CjpsuGrb+8_bwWa1raFbhgUBVyZBN7bO-JWOSRs5Ambygg@mail.gmail.com> <1389054229.19390.YahooMailNeo@web125601.mail.ne1.yahoo.com>
Message-ID: <1389054308.10730.YahooMailNeo@web125604.mail.ne1.yahoo.com>
Date: Mon, 06 Jan 2014 16:25:08 -0800
From: Bill Mills <wmills@yahoo-inc.com>
To: Ryan Troll <rtroll@googlers.com>, "Matt Miller (mamille2)" <mamille2@cisco.com>
In-Reply-To: <1389054229.19390.YahooMailNeo@web125601.mail.ne1.yahoo.com>
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] WGLC on draft-ietf-kitten-sasl-oauth-12

That said, your extant implementation might argue for leaving the GS2 header in there...

-bill

--------------------------------
William J. Mills
"Paranoid" Yahoo!

On , Bill Mills <wmills@yahoo-inc.com> wrote:

Now that it's not duplicating the gs2 stuff it makes some sense. It can be easily added back.

Any objection to adding the "user" field back in?

-bill

--------------------------------
William J. Mills
"Paranoid" Yahoo!

On Monday, January 6, 2014 4:10 PM, Ryan Troll <rtroll@googlers.com> wrote:

>MAJOR:
>
>* Removing the GS2-header (which was done in revision -11) also removed the ability for the client to specify an authorization identity.  If the lack of an authorization identity is acceptable (and I suspect it is not for some), then the document needs to state these mechanisms do not support authz-id.

The loss of the authz-id is a problem for us. Last year we discussed the use case with the list, came to the conclusion that what our use case needed was access to the authz-id, and agreed that we'd pull it from the GS2-header.

Now that the GS2-header is gone, it would be beneficial to provide a standard, but optional, way for clients to provide the authz-id to the service. This would ensure compatibility across services which require the authz-id, while not requiring it for *all* SASL-OAuth clients.

The original proposal had been to define a reserved keyword ("user") which could be part of the initial client response. Should this be re-added?

-R
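An added illustration (not part of the thread or of the draft text) of the optional reserved "user" key Ryan proposes: the client only emits it when an authz-id is wanted, and a service that requires an authz-id refuses responses without one. The kvsep (0x01) and "auth" key framing is assumed from the RFC 7628 style of the mechanism; the "user" key and the delegation table are hypothetical.

```python
from __future__ import annotations

# Assumed framing: kvsep *kvpair kvsep, kvsep = 0x01, kvpair = key "=" value kvsep.
KVSEP = "\x01"

# Constructed table: which authz-ids each token subject is allowed to act as.
DELEGATIONS = {"alice@example.com": {"alice@example.com", "shared@example.com"}}


def build_client_response(token: str, authz_id: str | None = None) -> str:
    """Client side: the hypothetical "user" key is only present when asked for."""
    pairs = {"auth": f"Bearer {token}"}
    if authz_id is not None:
        pairs["user"] = authz_id  # hypothetical reserved key carrying the authz-id
    return KVSEP + "".join(f"{k}={v}{KVSEP}" for k, v in pairs.items()) + KVSEP


def parse_client_response(resp: str) -> dict[str, str]:
    """Server side: strict parse that rejects bad framing, empty or duplicate pairs."""
    if not (resp.startswith(KVSEP) and resp.endswith(KVSEP * 2)):
        raise ValueError("missing leading or trailing kvsep")
    fields: dict[str, str] = {}
    parts = resp[1:-1].split(KVSEP)  # last element is always "" after the check above
    for pair in parts[:-1]:
        key, sep, value = pair.partition("=")
        if not sep or not key or key in fields:
            raise ValueError(f"bad or duplicate kvpair: {pair!r}")
        fields[key] = value
    return fields


def resolve_identity(fields: dict[str, str], token_subject: str,
                     require_authz_id: bool) -> str:
    """Choose the identity the service acts as; services needing an authz-id insist on it."""
    authz_id = fields.get("user")
    if authz_id is None:
        if require_authz_id:
            raise PermissionError("this service requires an authz-id")
        return token_subject  # usual SASL default: authz-id equals the authenticated id
    if authz_id not in DELEGATIONS.get(token_subject, set()):
        raise PermissionError(f"{token_subject} may not act as {authz_id}")
    return authz_id
```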
 

_______________________________________________
Kitten mailing list
Kitten@ietf.org
https://www.ietf.org/mailman/listinfo/kitten