Re: [kitten] WGLC on draft-ietf-kitten-sasl-oauth-12

Bill Mills <wmills@yahoo-inc.com> Tue, 07 January 2014 00:24 UTC

References: <52AE9A65.1010700@oracle.com> <C2752600-AC7C-4839-8BD0-3D850ECB19EB@cisco.com> <CAPe4CjpsuGrb+8_bwWa1raFbhgUBVyZBN7bO-JWOSRs5Ambygg@mail.gmail.com>
Message-ID: <1389054229.19390.YahooMailNeo@web125601.mail.ne1.yahoo.com>
Date: Mon, 06 Jan 2014 16:23:49 -0800
From: Bill Mills <wmills@yahoo-inc.com>
To: Ryan Troll <rtroll@googlers.com>, "Matt Miller (mamille2)" <mamille2@cisco.com>
In-Reply-To: <CAPe4CjpsuGrb+8_bwWa1raFbhgUBVyZBN7bO-JWOSRs5Ambygg@mail.gmail.com>
Cc: "kitten@ietf.org" <kitten@ietf.org>
Subject: Re: [kitten] WGLC on draft-ietf-kitten-sasl-oauth-12

Now that it's not duplicating the gs2 stuff it makes some sense.  It can be easily added back.


Any objection to adding the "user" field back in?

-bill

--------------------------------
William J. Mills
"Paranoid" Yahoo!

On Monday, January 6, 2014 4:10 PM, Ryan Troll <rtroll@googlers.com> wrote:

>MAJOR:
>
>* Removing the GS2-header (which was done in revision -11) also removed the ability for the client to specify an authorization identity.  If the lack of an authorization identity is acceptable (and I suspect it is not for some), then the document needs to state these mechanisms do not support authz-id.


The loss of the authz-id is a problem for us.  Last year we discussed the use case with the list, came to the conclusion that what our use case needed was access to the authz-id, and agreed that we'd pull it from the GS2-header.

Now that the GS2-header is gone, it would be beneficial to provide a standard, but optional, way for clients to provide the authz-id to the service.  This would ensure compatibility across services which require the authz-id, while not requiring it for *all* SASL-OAuth clients.

The original proposal had been to define a reserved keyword ("user") which could be part of the initial client response.  Should this be re-added?


-R

_______________________________________________
Kitten mailing list
Kitten@ietf.org
https://www.ietf.org/mailman/listinfo/kitten
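An added example, written for this archive page and not taken from the draft or from anyone on the thread, showing what an optional authz-id field means on the server side. It assumes an initial client response made of key=value pairs separated by Ctrl-A (0x01) and terminated by two of them, with a hypothetical optional "user" key carrying the authz-id as discussed above; the bearer-token table and the delegation policy are constructed stand-ins for whatever a real service would consult. The point the code makes is the one that matters when authz-id is carried separately from the credential: when "user" is absent the authorization identity defaults to the authenticated identity, and when it is present the server must check that the authenticated identity is allowed to act as it, otherwise any valid token could name any account.

```python
# Added example: parse a Ctrl-A separated key=value initial client response and
# resolve the effective authorization identity.  The "user" key is the
# hypothetical optional authz-id field from the thread; the token table and
# delegation policy below are constructed for illustration only.

KVSEP = "\x01"  # assumed key/value separator (Ctrl-A)

# Constructed: bearer token -> authenticated identity (authn-id).
TOKENS = {
    "tok-alice": "alice@example.com",
    "tok-admin": "svc-admin@example.com",
}

# Constructed: which authn-ids may act on behalf of which authz-ids.
MAY_ACT_AS = {
    "svc-admin@example.com": {"alice@example.com", "bob@example.com"},
}


def parse_initial_response(resp: str) -> dict:
    """Split a kvsep-separated key=value list, terminated by kvsep kvsep, into a dict.

    Rejects a missing terminator, a pair without '=', an empty key and duplicate keys,
    so a client cannot smuggle a second "user" value past the first one.
    """
    if not resp.endswith(KVSEP * 2):
        raise ValueError("initial response must end with kvsep kvsep")
    fields = {}
    for pair in resp[:-2].split(KVSEP):
        if pair == "":
            continue  # a response that is only the terminator carries no fields
        key, sep, value = pair.partition("=")
        if not sep or not key:
            raise ValueError(f"malformed pair: {pair!r}")
        if key in fields:
            raise ValueError(f"duplicate key: {key}")
        fields[key] = value
    return fields


def resolve_identity(fields: dict) -> tuple:
    """Return (authn-id, authz-id) for a parsed response, or raise PermissionError.

    The credential alone decides who the client *is*; the optional "user" field only
    says who it wants to *act as*, and that is checked against the delegation policy.
    """
    scheme, _, token = fields.get("auth", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        raise PermissionError("missing or non-bearer credential")
    authn = TOKENS.get(token)
    if authn is None:
        raise PermissionError("invalid token")
    # No "user" field: the authz-id defaults to the authenticated identity.
    authz = fields.get("user") or authn
    if authz != authn and authz not in MAY_ACT_AS.get(authn, set()):
        raise PermissionError(f"{authn} may not act as {authz}")
    return authn, authz


def classify(resp: str) -> str:
    """Run a raw response through parsing and identity resolution; return a one-line verdict."""
    try:
        _authn, authz = resolve_identity(parse_initial_response(resp))
    except (ValueError, PermissionError) as exc:
        return f"reject: {exc}"
    return f"accept: {authz}"


if __name__ == "__main__":
    # Constructed sample responses: plain login, permitted delegation, and an
    # attempt by a user token to name a different account.
    for sample in (
        "auth=Bearer tok-alice\x01\x01",
        "user=bob@example.com\x01auth=Bearer tok-admin\x01\x01",
        "user=bob@example.com\x01auth=Bearer tok-alice\x01\x01",
    ):
        print(repr(sample), "->", classify(sample))
```

The duplicate-key rejection in the parser is deliberate: if a server took the last "user" value and a proxy or logger took the first, the two would disagree about who the client claimed to be, so the parser refuses to produce a dict at all rather than pick one.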