Re: [kitten] Feedback from IETF #83 on the OAUTH/SASL-KRB draft
William Mills <wmills@yahoo-inc.com> Wed, 04 April 2012 14:29 UTC
To: Simon Josefsson <simon@josefsson.org>
Cc: "kitten@ietf.org" <kitten@ietf.org>

Simon,

Easy extensibility for new auth profiles is the major/only reason for this. We can achieve this another way as well, we'd have to define an extensible name/value pair mapping from HTTP data elements. Somewhat simpler parsing, but adds a different layer of complexity.

-bill

>________________________________
>From: Simon Josefsson <simon@josefsson.org>
>To: William Mills <wmills@yahoo-inc.com>
>Cc: "kitten@ietf.org" <kitten@ietf.org>
>Sent: Wednesday, April 4, 2012 12:53 AM
>Subject: Re: Feedback from IETF #83 on the OAUTH/SASL-KRB draft
>
>William Mills <wmills@yahoo-inc.com> writes:
>
>> For the OAUTH mechanism a similar style signed request example is:
>> GET / HTTP/1.1
>> Host: server.example.com
>> User: user@example.com
>> Authorization: MAC token="h480djs93hd8",timestamp="137131200",
>> nonce="dj83hs9s",signature="YTVjyNSujYs1WsDurFnvFi4JK6o="
>>
>>
>> The OAUTH mechanism will require (as currently specified) parsing of a
>> Host, User, and Authorization header.
>
>Why can't this be parsed before it is sent over the SASL wire, and
>the necessary HTTP headers reconstructed on the other side?
>
>Is it because you want to offer compatibility with future OAuth
>extensions that would send additional HTTP headers? So by sending HTTP
>headers over SASL, you will automatically support those future
>extensions as well?
>
>I can understand that reason. Are there other reasons?
>
>/Simon
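
As an added illustration of the parsing this thread discusses (not code from the draft or from either author): a strict Python parser for an HTTP-style message like the quoted example, which requires Host, User and Authorization, rejects ambiguous input, and carries unrecognized headers through so a later auth profile needs no parser change. The function names and the `X-Future-Ext` header are hypothetical.

```python
import re

# Constructed input: the signed request quoted in the thread, plus one
# hypothetical extension header (X-Future-Ext) that the parser passes through.
SAMPLE = (
    "GET / HTTP/1.1\r\n"
    "Host: server.example.com\r\n"
    "User: user@example.com\r\n"
    'Authorization: MAC token="h480djs93hd8",timestamp="137131200",\r\n'
    ' nonce="dj83hs9s",signature="YTVjyNSujYs1WsDurFnvFi4JK6o="\r\n'
    "X-Future-Ext: anything\r\n\r\n"
)
REQUIRED = ("host", "user", "authorization")
PARAM = r'([A-Za-z][\w-]*)="([^"\\]*)"'
PARAM_LIST = re.compile(r'%s(?:\s*,\s*%s)*' % (PARAM, PARAM))

def parse_message(raw):
    """Return (request_line, headers) with lower-cased header names."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers, last = {}, None
    for line in lines[1:]:
        if line[:1] in (" ", "\t"):  # wrapped header, as in the quoted example
            if last is None:
                raise ValueError("continuation line before any header")
            headers[last] += " " + line.strip()
            continue
        name, sep, value = line.partition(":")
        if not sep or not name or name != name.strip():
            raise ValueError("malformed header line: %r" % line)
        last = name.lower()
        if last in headers:  # two Host/User/Authorization values are ambiguous
            raise ValueError("duplicate header: " + name)
        headers[last] = value.strip()
    missing = [h for h in REQUIRED if h not in headers]
    if missing:
        raise ValueError("missing required header(s): " + ", ".join(missing))
    return lines[0], headers

def parse_authorization(value):
    """Split 'MAC k="v",k2="v2"' into (scheme, {k: v})."""
    scheme, _, rest = value.partition(" ")
    rest = rest.strip()
    if not scheme or not PARAM_LIST.fullmatch(rest):
        raise ValueError("malformed Authorization header")
    pairs = re.findall(PARAM, rest)
    params = dict(pairs)
    if len(params) != len(pairs):
        raise ValueError("duplicate authorization parameter")
    return scheme, params
```

The returned header dictionary is in effect the name/value pair mapping mentioned in the reply; signature verification would then run over the parsed values.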