Re: [kitten] Pending draft 15 Re: sasl-oauth "user" as a kvpair or in the gs2 header?
Bill Mills <wmills_92105@yahoo.com> Mon, 17 March 2014 22:45 UTC
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/XOg1gaa84AyKWRy_YdiFWlU6q8w
Changed MUST to MAY. Added "It is worth noting that application protocols are allowed to require an authzid, as are specific server implementations."

On Monday, March 17, 2014 3:28 PM, Nico Williams <nico@cryptonector.com> wrote:

On Mon, Mar 17, 2014 at 4:56 PM, Bill Mills <wmills_92105@yahoo.com> wrote:
> This feels like soft-selling what the implementer actually has to do. It's
> like how HTTP evolved to be bug-compliant with major browser or server bugs.
> Never actually documented but are the de facto standard anyway. Why leave a
> landmine like that unspecified?

Because the way it works in practice is that the app has something like a dialog or panel where the user is invited to "set/create an account" or something like that. The user will be invited to specify a server name, pick a mechanism, and for the mechanism selection perhaps additional inputs, and finally they'll be invited to specify an authzid.

Some of these account parameters are generic:

- a local name for whatever this "account" is
- the server name (and port)
- the authzid
- the name of the mechanism

everything else is mechanism-specific (e.g., "password", "keystore", "principal name", ...).

The generic bits are generic. And authzid has always been application-specific.

Application protocols are allowed to require an authzid. Servers are allowed to require an authzid. Mechanisms are NOT allowed to require an authzid.

Nico
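
The layering discussed in this message, as an added example that is not part of the original message, the draft, or any SASL library: the mechanism layer parses the gs2 header (grammar from RFC 5801) and accepts a missing authzid, while the application or server policy decides whether to require one. The function names, the `may_act_as` set and the sample message are hypothetical.

```python
import re

# saslname (RFC 5801): "," and "=" may appear only escaped as =2C and =3D.
_SASLNAME = re.compile(r"(?:[^,=]|=2C|=3D)+")
# Constructed sample; the bytes after the gs2 header are left uninterpreted.
SAMPLE = b"n,a=user@example.com,\x01auth=Bearer CONSTRUCTED\x01\x01"


def parse_gs2_header(msg: bytes):
    """Mechanism layer: split 'cb-flag,[a=authzid],' off an initial response.
    Returns (cb_flag, authzid or None, rest); the optional "F" flag is not handled."""
    parts = msg.split(b",", 2)
    if len(parts) != 3:
        raise ValueError("gs2 header needs two commas")
    cb, authz, rest = parts
    cb_flag = cb.decode("utf-8")
    if cb_flag not in ("n", "y") and not re.fullmatch(r"p=[A-Za-z0-9.-]+", cb_flag):
        raise ValueError("bad channel-binding flag")
    if not authz:
        return cb_flag, None, rest  # absence is legal for the mechanism
    field = authz.decode("utf-8")
    if not field.startswith("a=") or not _SASLNAME.fullmatch(field[2:]):
        raise ValueError("bad authzid field")
    # Unescape =2C before =3D so the escaped text "=3D2C" yields "=2C", not ",".
    name = field[2:].replace("=2C", ",").replace("=3D", "=")
    return cb_flag, name, rest


def effective_identity(authzid, token_subject, may_act_as, require_authzid=False):
    """Application/server policy, run after the mechanism has validated the token."""
    if authzid is None:
        if require_authzid:
            raise PermissionError("this application requires an authzid")
        return token_subject  # no authzid: act as the authenticated identity
    if authzid != token_subject and authzid not in may_act_as:
        raise PermissionError("token subject may not act as requested authzid")
    return authzid
```
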