Re: [kitten] I-D Action: draft-ietf-kitten-sasl-openid-07.txt

William Mills <wmills@yahoo-inc.com> Tue, 29 November 2011 01:49 UTC

References: <20111123141250.14132.8999.idtracker@ietfa.amsl.com> <4ECD00AF.80409@cisco.com>
Message-ID: <1322531380.67305.YahooMailNeo@web31813.mail.mud.yahoo.com>
Date: Mon, 28 Nov 2011 17:49:40 -0800
From: William Mills <wmills@yahoo-inc.com>
To: Eliot Lear <lear@cisco.com>, "kitten@ietf.org" <kitten@ietf.org>
In-Reply-To: <4ECD00AF.80409@cisco.com>
Subject: Re: [kitten] I-D Action: draft-ietf-kitten-sasl-openid-07.txt

I've been asked to be a reviewer for this.  My most profound question here is around the choice to make the identity assertion by the OP to the RP out of band.  This is a really significant choice as it puts a huge design issue in the hands of the implementer, that the RP has to provide an HTTP entrypoint which implicitly has some form of RPC with the SASL-enabled server to communicate the identity authenticated for a session.  Why was this choice made in favor of having the return from the OP presented in-band as a SASL client message?

It seems like the choice is to minimize the impact on the client so that a browser user agent can be used for the client interaction with the OP.

Thanks,

-bill
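To make the "HTTP entrypoint with some form of RPC to the SASL server" concrete, here is an added Python model of the out-of-band design Bill is asking about. It is constructed for this thread and is neither the draft's normative text nor any implementation's code. It assumes a per-session nonce carried in openid.return_to as the rendezvous key, an OpenID 2.0-style HMAC association secret shared by RP and OP (ASSOC_KEY), and constructed OP_ENDPOINT / RP_RETURN_BASE URLs. The security-relevant parts are the ones the out-of-band choice forces onto the implementer: the return endpoint must verify the OP's signature, check that the signed return_to is its own, bind the delivered identity to exactly one pending session, and refuse replays.

```python
"""Constructed model of the out-of-band OP -> RP assertion path in a SASL
OpenID mechanism. Not the draft's text; names and URLs are assumptions."""
import base64
import hashlib
import hmac
import secrets
import threading
from urllib.parse import parse_qs, urlencode, urlparse

ASSOC_KEY = b"constructed-association-secret"      # assumption: RP/OP association key
OP_ENDPOINT = "https://op.example/auth"             # constructed
RP_RETURN_BASE = "https://rp.example/openid/return" # constructed


def kv_form(fields, names):
    """OpenID 2.0 Key-Value form of the signed fields, in 'openid.signed' order."""
    return "".join(f"{n}:{fields['openid.' + n]}\n" for n in names).encode()


def sign_assertion(fields):
    """Simulated OP side: HMAC-SHA256 over the listed fields with the association key."""
    names = fields["openid.signed"].split(",")
    mac = hmac.new(ASSOC_KEY, kv_form(fields, names), hashlib.sha256).digest()
    return dict(fields, **{"openid.sig": base64.b64encode(mac).decode()})


def verify_assertion(fields):
    """RP side: the assertion is trusted only if the MAC checks and the
    signature covers both the identity and the return_to (session binding)."""
    try:
        names = fields["openid.signed"].split(",")
        expected = hmac.new(ASSOC_KEY, kv_form(fields, names), hashlib.sha256).digest()
        got = base64.b64decode(fields["openid.sig"])
    except (KeyError, ValueError):
        return False
    return hmac.compare_digest(expected, got) and {"claimed_id", "return_to"} <= set(names)


class PendingSessions:
    """The 'RPC' between the HTTP return endpoint and the SASL server: a table
    keyed by the session nonce, filled in exactly once by the endpoint."""
    def __init__(self):
        self._lock = threading.Lock()
        self._table = {}  # nonce -> verified identity, or None while still pending

    def open(self):
        nonce = secrets.token_urlsafe(32)
        with self._lock:
            self._table[nonce] = None
        return nonce

    def deliver(self, nonce, identity):
        with self._lock:
            if self._table.get(nonce, "absent") is not None:  # unknown or already delivered
                return False
            self._table[nonce] = identity
            return True

    def take(self, nonce):
        with self._lock:
            return self._table.pop(nonce, None)


def sasl_server_first(sessions):
    """Server's first SASL message: the OP URL the client opens in a browser.
    The server keeps the nonce as its own session state."""
    nonce = sessions.open()
    return_to = f"{RP_RETURN_BASE}?{urlencode({'s': nonce})}"
    query = urlencode({"openid.mode": "checkid_setup", "openid.return_to": return_to})
    return nonce, f"{OP_ENDPOINT}?{query}"


def op_redirect(return_to, claimed_id):
    """Simulated OP: the URL it sends the browser back to after authenticating the user."""
    fields = {"openid.mode": "id_res", "openid.claimed_id": claimed_id,
              "openid.return_to": return_to, "openid.signed": "mode,claimed_id,return_to"}
    sep = "&" if "?" in return_to else "?"
    return return_to + sep + urlencode(sign_assertion(fields))


def rp_return_endpoint(url, sessions):
    """The HTTP entrypoint the RP must expose. Returns True only if a verified
    identity was handed to a pending session."""
    fields = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
    if fields.get("openid.mode") != "id_res" or not verify_assertion(fields):
        return False
    rt = urlparse(fields["openid.return_to"])          # use the *signed* return_to
    if f"{rt.scheme}://{rt.netloc}{rt.path}" != RP_RETURN_BASE:
        return False
    nonce = parse_qs(rt.query).get("s", [None])[0]
    return sessions.deliver(nonce, fields["openid.claimed_id"])


def sasl_server_final(nonce, sessions):
    """After the client's empty SASL message: succeed only if the endpoint delivered."""
    identity = sessions.take(nonce)
    return ("ok", identity) if identity else ("fail", None)
```

The nonce in return_to is what ties the browser-side assertion back to the SASL connection; because the OP signs return_to, an attacker cannot point someone else's assertion at a session they control, and the one-shot `deliver` means a captured redirect URL cannot be replayed into a second login. An in-band variant, where the client relays the OP's response as a SASL message, would need the same signature check but not the shared session table or the extra HTTP listener.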