Re: [kitten] Feedback from IETF #83 on the OAUTH/SASL-KRB draft

William Mills <wmills@yahoo-inc.com> Wed, 04 April 2012 14:29 UTC

Simon,

Easy extensibility for new auth profiles is the major/only reason for this. We can achieve this another way as well; we'd have to define an extensible name/value pair mapping from HTTP data elements. Somewhat simpler parsing, but adds a different layer of complexity.

-bill

> From: Simon Josefsson <simon@josefsson.org>
>To: William Mills <wmills@yahoo-inc.com> 
>Cc: "kitten@ietf.org" <kitten@ietf.org> 
>Sent: Wednesday, April 4, 2012 12:53 AM
>Subject: Re: Feedback from IETF #83 on the OAUTH/SASL-KRB draft
> 
>William Mills <wmills@yahoo-inc.com> writes:
>
>> For the OAUTH mechanism a similar style signed request example is:
>> GET / HTTP/1.1
>> Host: server.example.com
>> User: user@example.com
>> Authorization: MAC token="h480djs93hd8",timestamp="137131200",
>> nonce="dj83hs9s",signature="YTVjyNSujYs1WsDurFnvFi4JK6o="
>>
>>
>> The OAUTH mechanism will require (as currently specified) parsing of a
>> Host, User, and Authorization header.
>
>Why can't this be parsed before it is sent over the SASL wire, and
>the necessary HTTP headers reconstructed on the other side?
>
>Is it because you want to offer compatibility with future OAuth
>extensions that would send additional HTTP headers?  So by sending HTTP
>headers over SASL, you will automatically support those future
>extensions as well?
>
>I can understand that reason.  Are there other reasons?
>
>/Simon
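The two options weighed in this thread, as an added Python sketch (not code from either participant and not the draft's wire format): a strict server-side parse of the HTTP-style block quoted above, which keeps unknown headers so future profiles pass through, and a flattening of the same data into name/value pairs. The CRLF line endings, the folded continuation line, and the "auth." pair names are assumptions.

```python
import re

# Constructed sample: the signed request quoted in the thread. CRLF endings and
# the leading space on the folded line are assumptions, not taken from the draft.
SAMPLE = (
    b"GET / HTTP/1.1\r\n"
    b"Host: server.example.com\r\n"
    b"User: user@example.com\r\n"
    b'Authorization: MAC token="h480djs93hd8",timestamp="137131200",\r\n'
    b' nonce="dj83hs9s",signature="YTVjyNSujYs1WsDurFnvFi4JK6o="\r\n'
    b"\r\n"
)
REQUIRED = ("host", "user", "authorization")
PARAM = re.compile(r'\s*([A-Za-z][A-Za-z0-9_-]*)="([^"\\]*)"\s*')

def parse_headers(raw: bytes) -> dict:
    """Strict parse of the header block; unknown headers are kept for extensibility."""
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("missing blank-line terminator")
    # Non-ASCII input raises UnicodeDecodeError (a ValueError); then unfold lines.
    text = re.sub(r"\r\n[ \t]+", " ", head.decode("ascii"))
    headers = {}
    for line in text.split("\r\n")[1:]:      # element 0 is the request line
        name, colon, value = line.partition(":")
        if not colon or not re.fullmatch(r"[A-Za-z0-9-]+", name):
            raise ValueError(f"malformed header line: {line!r}")
        if name.lower() in headers:          # ambiguous input is rejected, not merged
            raise ValueError(f"duplicate header: {name}")
        headers[name.lower()] = value.strip()
    missing = [h for h in REQUIRED if h not in headers]
    if missing:
        raise ValueError(f"missing required header(s): {missing}")
    return headers

def to_pairs(headers: dict) -> dict:
    """Flatten to name/value pairs; the 'auth.' prefix is a hypothetical naming."""
    scheme, _, rest = headers["authorization"].partition(" ")
    pairs = {k: v for k, v in headers.items() if k != "authorization"}
    pairs["auth.scheme"] = scheme
    pos = 0
    while True:
        m = PARAM.match(rest, pos)
        if not m or "auth." + m.group(1) in pairs:
            raise ValueError(f"bad or repeated auth parameter at offset {pos}")
        pairs["auth." + m.group(1)] = m.group(2)
        if m.end() == len(rest):
            return pairs
        if rest[m.end()] != ",":
            raise ValueError(f"expected ',' at offset {m.end()}")
        pos = m.end() + 1
```

Either representation needs the same rejection rules (duplicates, malformed lines, missing required fields); the pair mapping only moves the Authorization parameter parsing to the sending side.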