Re: [kitten] OAUTH/SASL... to HTTP or not to HTTP, that is the question...
Matt Peterson <Matt.Peterson@quest.com> Mon, 09 April 2012 17:02 UTC
Return-Path: <Matt.Peterson@quest.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E50721F86DE for <kitten@ietfa.amsl.com>; Mon, 9 Apr 2012 10:02:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o18SV9VF7lFH for <kitten@ietfa.amsl.com>; Mon, 9 Apr 2012 10:02:00 -0700 (PDT)
Received: from alvetxw01.quest.com (alvetxw01.quest.com [12.106.87.93]) by ietfa.amsl.com (Postfix) with ESMTP id C42C521F86B4 for <kitten@ietf.org>; Mon, 9 Apr 2012 10:02:00 -0700 (PDT)
Received: from ALVHTXW02.prod.quest.corp (10.1.135.18) by alvetxw01.quest.com (10.1.100.93) with Microsoft SMTP Server (TLS) id 14.1.355.2; Mon, 9 Apr 2012 09:59:05 -0700
Received: from ALVMBXW01.prod.quest.corp ([fe80::48dd:e065:86b3:9cee]) by ALVHTXW02.prod.quest.corp ([::1]) with mapi id 14.01.0355.002; Mon, 9 Apr 2012 10:01:59 -0700
From: Matt Peterson <Matt.Peterson@quest.com>
To: "kitten@ietf.org" <kitten@ietf.org>
Thread-Topic: [kitten] OAUTH/SASL... to HTTP or not to HTTP, that is the question...
Thread-Index: AQHNEgF6shtgFz/if0epyUjjcuNTnJaSwIDQ
Date: Mon, 09 Apr 2012 17:01:59 +0000
Message-ID: <7F2B7AC6C3EEDC4A9C067A7852FA8A2D10156D4A@ALVMBXW01.prod.quest.corp>
References: <1333498239.81695.YahooMailNeo@web31804.mail.mud.yahoo.com> <1333501139.69852.YahooMailNeo@web31807.mail.mud.yahoo.com> <CAK3OfOjPJK6cBdtCMwtdOwSdkF9vkPybDCnShbGezAUAFrjhvw@mail.gmail.com>
In-Reply-To: <CAK3OfOjPJK6cBdtCMwtdOwSdkF9vkPybDCnShbGezAUAFrjhvw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.5.37.19]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Mailman-Approved-At: Mon, 09 Apr 2012 11:08:29 -0700
Subject: Re: [kitten] OAUTH/SASL... to HTTP or not to HTTP, that is the question...
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Apr 2012 17:02:01 -0000
Ditto. -----Original Message----- From: kitten-bounces@ietf.org [mailto:kitten-bounces@ietf.org] On Behalf Of Nico Williams Sent: Tuesday, April 03, 2012 7:23 PM To: William Mills Cc: kitten@ietf.org Subject: Re: [kitten] OAUTH/SASL... to HTTP or not to HTTP, that is the question... On Tue, Apr 3, 2012 at 7:58 PM, William Mills <wmills@yahoo-inc.com> wrote: > The major question remaining for my draft is HTTP(like) or not for the SASL > message format? Please select one of the following: > > A) The current message format is fine. > B) HTTP-like is OK as long as we limit the insanity. > C) HTTP in any form is a deal breaker for me. Give me something simple. > D) None of the above, and I have a possible solution of my own to > propose. I'm not an implementor of this protocol. Some day I might be. I'm OK with (B), but I'd prefer something saner than HTTP. JSON is almost perfectly sane (missing only a self-describing encoding of binary data). I want it to be simple, and I think HTTP-like-but-lite would be OK, but there's so much off-the-shelf code and experience with JSON... If there's running code that has been deployed then I think (B) is the best option. HTTP-like with HTTP insanity is a deal breaker though. So count me as in favor of (B) if there's not enough support for (C). Nico -- _______________________________________________ Kitten mailing list Kitten@ietf.org https://www.ietf.org/mailman/listinfo/kitten
- [kitten] Feedback from IETF #83 on the OAUTH/SASL… William Mills
- [kitten] OAUTH/SASL... to HTTP or not to HTTP, th… William Mills
- Re: [kitten] OAUTH/SASL... to HTTP or not to HTTP… Nico Williams
- Re: [kitten] OAUTH/SASL... to HTTP or not to HTTP… Simon Josefsson
- Re: [kitten] Feedback from IETF #83 on the OAUTH/… Simon Josefsson
- Re: [kitten] Feedback from IETF #83 on the OAUTH/… William Mills
- Re: [kitten] OAUTH/SASL... to HTTP or not to HTTP… William Mills
- Re: [kitten] OAUTH/SASL... to HTTP or not to HTTP… Matt Peterson