Re: [kitten] Pending draft 15 Re: sasl-oauth "user" as a kvpair or in the gs2 header?
Bill Mills <wmills_92105@yahoo.com> Mon, 17 March 2014 21:15 UTC
To: Matt Miller <mamille2@cisco.com>, Nico Williams <nico@cryptonector.com>
Cc: "kitten@ietf.org" <kitten@ietf.org>, Bill Mills <wmills@yahoo-inc.com>, Sam Hartman <hartmans-ietf@mit.edu>
Date: Mon, 17 Mar 2014 14:15:19 -0700
Message-ID: <1395090919.78935.YahooMailNeo@web142806.mail.bf1.yahoo.com>
In-Reply-To: <53275BC1.50808@cisco.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/kY8oNteumU1SLhMQ0Yr429QZ3BI
OK, so given Google's extant implementation, if we change it to SHOULD the MUST is implicit and the de facto standard anyway if you want it to work with Google.

I'd rather have the standard explicitly document what is working now, but I can make the change easily.

-bill

On Monday, March 17, 2014 1:32 PM, Matt Miller <mamille2@cisco.com> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 3/17/14, 2:13 PM, Nico Williams wrote:
> On Fri, Mar 14, 2014 at 4:52 PM, Bill Mills <wmills_92105@yahoo.com> wrote:
>> Quoting here, in the hope that it piques someone's interest. New proposed language is:
>>
>> "Client responses are a GS2 [RFC5801] header followed by a key/value pair sequence, or may be empty. The gs2-header is defined here for compatibility with GS2 if a GS2 mechanism is formally defined, but this document does not
>
> s/formally/eventually/ ?
>
>> define one. These key/value pairs carry the equivalent values from an HTTP context in order to be able to complete an OAuth style HTTP authorization. Unknown key/value pairs MUST be ignored by the server. The ABNF [RFC5234] syntax is:
>>
>>     kvsep       = %x01
>>     key         = 1*(ALPHA / ",")
>>     value       = *(VCHAR / SP / HTAB / CR / LF )
>>     kvpair      = key "=" value kvsep
>>     ;;gs2-header = See RFC 5801
>>     client_resp = (gs2-header kvsep 0*kvpair kvsep) / kvsep
>>
>> The GS2 header MUST inclde the user name asociated with the resource being accessed, the "authzid"."
>
> Hmm, MUST? SASL allows the app to not use an authzid if it doesn't want to. I understand that Google's OAuth use case requires an authzid, but it's not obvious to me that all OAuth use cases will.
>
> + the two typos Ryan noticed.
>

I had the same pause as Nico. The implementation I was looking into did not require such information.

--
m&m

Matt Miller <mamille2@cisco.com>
Cisco Systems, Inc.
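The client_resp grammar quoted in the thread, as an added example that is not part of the thread or of the draft: a strict server-side parser for the gs2-header plus key/value sequence, with the MUST-versus-SHOULD question about the authzid exposed as a policy flag. The gs2-header layout and the saslname "=2C"/"=3D" escapes follow RFC 5801; the sample response, the key names treated as known (auth, host, port) and the rejection of duplicate keys are assumptions of this example, not text from the draft.

```python
"""Parser for the sasl-oauth client_resp grammar (added example, not the draft's code).

  kvsep       = %x01
  key         = 1*(ALPHA / ",")
  value       = *(VCHAR / SP / HTAB / CR / LF)
  kvpair      = key "=" value kvsep
  gs2-header  = [gs2-nonstd-flag ","] gs2-cb-flag "," [gs2-authzid] ","   (RFC 5801)
  client_resp = (gs2-header kvsep 0*kvpair kvsep) / kvsep
"""
import re
from dataclasses import dataclass, field
from typing import Dict, Optional

KVSEP = "\x01"
KEY_RE = re.compile(r"^[A-Za-z,]+$")              # key = 1*(ALPHA / ",")
VALUE_RE = re.compile(r"^[\x21-\x7E \t\r\n]*$")   # value = *(VCHAR / SP / HTAB / CR / LF)
CB_FLAG_RE = re.compile(r"^(n|y|p=[A-Za-z0-9.-]+)$")  # gs2-cb-flag incl. cb-name (RFC 5801)

# Constructed sample response; the token is a placeholder, not a real credential.
SAMPLE = ("n,a=user@example.com,\x01host=server.example.com\x01port=143"
          "\x01auth=Bearer EXAMPLE-TOKEN-NOT-REAL\x01\x01")


@dataclass
class ClientResponse:
    empty: bool = False               # the bare-kvsep alternative of client_resp
    nonstd: bool = False              # gs2-nonstd-flag "F" present
    cb_flag: Optional[str] = None     # "n", "y" or "p=<cb-name>"
    authzid: Optional[str] = None     # decoded gs2-authzid, None when absent
    kv: Dict[str, str] = field(default_factory=dict)


def _unescape_saslname(name: str) -> str:
    """RFC 5801 saslname: "," travels as "=2C" and "=" as "=3D"; any other "=" is an error."""
    if not name:
        raise ValueError("empty saslname")
    out, i = [], 0
    while i < len(name):
        if name[i] != "=":
            out.append(name[i])
            i += 1
            continue
        esc = name[i + 1:i + 3]
        if esc == "2C":
            out.append(",")
        elif esc == "3D":
            out.append("=")
        else:
            raise ValueError(f"bad saslname escape at offset {i}")
        i += 3
    return "".join(out)


def _parse_gs2_header(header: str, resp: ClientResponse) -> None:
    if not header.endswith(","):
        raise ValueError("gs2-header must end with ','")
    fields = header[:-1].split(",")   # literal commas inside a saslname are escaped, so this is safe
    if fields and fields[0] == "F":
        resp.nonstd = True
        fields = fields[1:]
    if len(fields) != 2:
        raise ValueError("malformed gs2-header")
    cb, authz = fields
    if not CB_FLAG_RE.match(cb):
        raise ValueError(f"bad gs2-cb-flag {cb!r}")
    resp.cb_flag = cb
    if authz:                         # gs2-authzid is optional in RFC 5801
        if not authz.startswith("a="):
            raise ValueError("gs2-authzid must start with 'a='")
        resp.authzid = _unescape_saslname(authz[2:])


def parse_client_resp(data: str) -> ClientResponse:
    """Parse one client response; raises ValueError on anything outside the grammar."""
    resp = ClientResponse()
    if data == KVSEP:                 # client_resp = ... / kvsep
        resp.empty = True
        return resp
    parts = data.split(KVSEP)
    # gs2-header, then each kvpair (each ends in kvsep), then the terminating kvsep:
    # the final two pieces produced by split() must therefore both be empty.
    if len(parts) < 3 or parts[-1] != "" or parts[-2] != "":
        raise ValueError("client_resp must end with kvsep kvsep")
    _parse_gs2_header(parts[0], resp)
    for pair in parts[1:-2]:
        key, sep, value = pair.partition("=")   # first "=" splits; later "=" belong to the value
        if not sep or not KEY_RE.match(key) or not VALUE_RE.match(value):
            raise ValueError(f"malformed kvpair {pair!r}")
        if key in resp.kv:            # not covered by the ABNF; rejected here as a defensive choice
            raise ValueError(f"duplicate key {key!r}")
        resp.kv[key] = value
    return resp


def is_valid(data: str) -> bool:
    try:
        parse_client_resp(data)
        return True
    except ValueError:
        return False


def authzid_satisfies(resp: ClientResponse, required: bool) -> bool:
    """The thread's MUST-vs-SHOULD question as a server policy knob."""
    return resp.authzid is not None or not required


def server_view(resp: ClientResponse, known=frozenset({"auth", "host", "port"})) -> Dict[str, str]:
    """Unknown key/value pairs MUST be ignored by the server; the known set is assumed here."""
    return {k: v for k, v in resp.kv.items() if k in known}


if __name__ == "__main__":
    r = parse_client_resp(SAMPLE)
    print(r.authzid, server_view(r), authzid_satisfies(r, required=True))
```

Splitting on %x01 is exact because neither the gs2-header nor a value may contain that octet, and the trailing double kvsep is checked before any pair is read, so a truncated response is rejected rather than silently parsed as shorter.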