Re: [kitten] New draft of https://tools.ietf.org/htmdraft-mills-kitten-sasl-oauth
Shawn Emery <shawn.emery@oracle.com> Mon, 11 July 2011 06:46 UTC
Return-Path: <shawn.emery@oracle.com>
X-Original-To: kitten@ietfa.amsl.com
Delivered-To: kitten@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 850CC21F8A66 for <kitten@ietfa.amsl.com>; Sun, 10 Jul 2011 23:46:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.075
X-Spam-Level:
X-Spam-Status: No, score=-3.075 tagged_above=-999 required=5 tests=[AWL=-0.477, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id koAnnCyPAEJw for <kitten@ietfa.amsl.com>; Sun, 10 Jul 2011 23:46:29 -0700 (PDT)
Received: from acsinet15.oracle.com (acsinet15.oracle.com [141.146.126.227]) by ietfa.amsl.com (Postfix) with ESMTP id A122A21F853B for <kitten@ietf.org>; Sun, 10 Jul 2011 23:46:29 -0700 (PDT)
Received: from acsinet21.oracle.com (acsinet21.oracle.com [141.146.126.237]) by acsinet15.oracle.com (Switch-3.4.4/Switch-3.4.4) with ESMTP id p6B6kRIh012961 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <kitten@ietf.org>; Mon, 11 Jul 2011 06:46:29 GMT
Received: from acsmt356.oracle.com (acsmt356.oracle.com [141.146.40.156]) by acsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id p6B6kQFM027221 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <kitten@ietf.org>; Mon, 11 Jul 2011 06:46:27 GMT
Received: from abhmt109.oracle.com (abhmt109.oracle.com [141.146.116.61]) by acsmt356.oracle.com (8.12.11.20060308/8.12.11) with ESMTP id p6B6kLY8028828 for <kitten@ietf.org>; Mon, 11 Jul 2011 01:46:21 -0500
Received: from [10.7.250.160] (/10.7.250.160) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Sun, 10 Jul 2011 23:46:21 -0700
Message-ID: <4E1A9C34.3010202@oracle.com>
Date: Mon, 11 Jul 2011 00:46:12 -0600
From: Shawn Emery <shawn.emery@oracle.com>
User-Agent: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.9.2.17) Gecko/20110609 Lightning/1.0b2 Thunderbird/3.1.10
MIME-Version: 1.0
To: kitten@ietf.org
References: <1310064776.32123.YahooMailNeo@web31801.mail.mud.yahoo.com>
In-Reply-To: <1310064776.32123.YahooMailNeo@web31801.mail.mud.yahoo.com>
Content-Type: multipart/alternative; boundary="------------020606000502060400010608"
X-Source-IP: acsinet21.oracle.com [141.146.126.237]
X-Auth-Type: Internal IP
X-CT-RefId: str=0001.0A090202.4E1A9C45.0038:SCFMA922111,ss=1,re=-6.300,fgs=0
Subject: Re: [kitten] New draft of https://tools.ietf.org/htmdraft-mills-kitten-sasl-oauth
X-BeenThere: kitten@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Common Authentication Technologies - Next Generation <kitten.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/kitten>, <mailto:kitten-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/kitten>
List-Post: <mailto:kitten@ietf.org>
List-Help: <mailto:kitten-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/kitten>, <mailto:kitten-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Jul 2011 06:46:30 -0000
On 07/ 7/11 12:52 PM, William J. Mills wrote: > Hi, > > I've posted a new draft. I believe there is one open issue, and that > is whether we're going to include text defining how Tunneled HTTP > authentication (started as OAuth) works with GSS-API. I am coming more > and more to the opinion that the GSS-API definition is going to be > very auth mechanism specific. This draft only defines what SASL needs > currently, which is user auth. GSS-API has message integrity as well, > and possibly other things that can be mapped into HTTP auth schemes, > and I think it's going to be required that the auth schemes define > their capabilities and GSS_API mappings. > > The draft also fixes the channel binding text, not tls-unique > specific. Also defining how the CB data is properly generated. > > Subject to the open issue above (which could be significant) I think > this is close to a last call. > > Does this draft need some discussion time in Quebec? If so I'll need > to make travel plans. Of course it is always helpful to be there, but is not a requirement. There are a number of ways that we have joined remote participants to the sessions in the past; WebEx, Skype, jabber, chair, co-author, etc. However, is it possible that we can resolve the open issue before the session? Shawn. -- > > > Meta-Data from the Draft > > Document draft-mills-kitten-sasl-oauth > [View first two pages] > <https://datatracker.ietf.org/submit/status/33695/a4fa263fb7371aecddccdc6674d408d9/#> > > > * [Txt version ] > <http://www.ietf.org/staging/draft-mills-kitten-sasl-oauth-03.txt> > * [Pdf version ] > <http://www.ietf.org/staging/draft-mills-kitten-sasl-oauth-03.pdf> > * [Xml version ] > <http://www.ietf.org/staging/draft-mills-kitten-sasl-oauth-03.xml> > > Revision 03 > WG Individual Submission > Document date 2011-07-01 > Submission date 2011-07-02 > Title Tunneled HTTP Authentication For SASL > Author information > Author 1 William Mills <wmills@yahoo-inc.com> > Author 2 Tim Showalter <timshow@yahoo-inc.com> > Author 3 Hannes Tschofenig <hannes.tschofenig@gmx.net> > Abstract Simple Authentication and Security Layer (SASL) is a > framework for > providing authentication and data security services in connection- > oriented protocols via replaceable mechanisms. OAuth is a protocol > framework for delegated HTTP authentication and thereby provides a > method for clients to access a protected resource on behalf of a > resource owner. > > This document defines the use of HTTP authentication over SASL, and > additionally defines authorization and token issuing endpoint > discovery. Thereby, it enables schemes defined within the OAuth > framework for non-HTTP-based application protocols. > > A significant benefit of OAuth for usage in clients that usually > store passwords is storing tokens instead of passwords. This is much > lower risk since tokens can be more limited in scope of access and > can be managed and revoked separately from the user credential > (password). > Pages 24 > > > _______________________________________________ > Kitten mailing list > Kitten@ietf.org > https://www.ietf.org/mailman/listinfo/kitten
- [kitten] New draft of https://tools.ietf.org/htmd… William J. Mills
- Re: [kitten] New draft of https://tools.ietf.org/… Shawn Emery
- Re: [kitten] New draft of https://tools.ietf.org/… Nico Williams