Re: [kitten] sasl-oauth "user" as a kvpair or in the gs2 header?
Ryan Troll <rtroll@googlers.com> Thu, 06 March 2014 23:38 UTC
To: Bill Mills <wmills@yahoo-inc.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/kitten/zGltPqbkl85i8mfzvtZo8ztqRDM
Cc: "kitten@ietf.org" <kitten@ietf.org>, Sam Hartman <hartmans-ietf@mit.edu>

Apologies for the delay in responding. I understand this was discussed in today's meeting; and we're going to have a follow-up to discuss further - very reasonable.

To answer Bill's original question:

user= or a= --> Either works for us. If one has better implications than the other, we'll use it.

-R

On Tue, Mar 4, 2014 at 7:55 AM, Bill Mills <wmills@yahoo-inc.com> wrote:

> It is not used as a SASL identity. Quoting from -03 and -14 in progress:
> "user (REQUIRED):
> Contains the user name being authenticated. The server MAY use this as a
> routing or database lookup hint. The server MUST NOT use this as
> authoritative, the user name MUST be asserted by the OAuth credential."
>
> Also, looking at the Google API docs for XOAUTH2, they implemented based
> on the -03 spec and have the "user=$username" syntax. See
> https://developers.google.com/gmail/xoauth2_protocol
>
> Based on Google's server API and the extant clients they have I'd like to
> ask for a consensus call on the following:
>
> 1) Add the -03 "user" kvpair back into the spec.
>
> a) YES or b) NO.
>
> 2) Should we include a GS2 header?
>
> a) No, let's wait for the GS2 update that deals with things that lack
> mutual auth and then write a spec that defines a GS2 header for SASL+OAUTH.
>
> b) Change the definition of "key" in kvpair to 1*(ALPHA / ","). This
> makes a GS2 header followed by a ^A (i.e. "n,a=user@example.com^A") a
> valid kvpair which would be ignored by servers that don't understand it.
>
> c) Define a stub OPTIONAL GS2 header explicitly.
>
> d) Include a fully defined GS2 header (language from draft -10).
>
> My own feedback is 1: YES, 2: a or b.
>
> -bill
>
> --------------------------------
> William J. Mills
> "Paranoid" MUX Yahoo!
>
> On Tuesday, March 4, 2014 12:06 AM, Sam Hartman <hartmans-ietf@mit.edu>
> wrote:
> Let's discuss Thursday.
> I'd like to understand what the user= value signifies and whether it's
> actually a SASL authorization identifier.
>
> I'd like to understand whether there's value in an unprotected SASL
> authorization identifier.
>
> _______________________________________________
> Kitten mailing list
> Kitten@ietf.org
> https://www.ietf.org/mailman/listinfo/kitten
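
An added example, not code from the draft, from Google, or from anyone in this thread: a server-side parser for the ^A-separated kvpair response that uses the option (b) key grammar 1*(ALPHA / ",") and treats user= only as a hint, taking the identity from the OAuth credential. The token table, the function names, the optional hint and the reject-on-mismatch policy are assumptions made for the illustration.

```python
import re

CTRL_A = "\x01"
# Option (b) from the quoted message: key = 1*(ALPHA / ","), so a GS2 header
# such as "n,a=user@example.com" parses as an ordinary kvpair.
KEY_OPTION_B = re.compile(r"[A-Za-z,]+")

# Constructed stand-in for OAuth token validation (hypothetical): maps a
# bearer token to the user name that the credential asserts.
TOKEN_SUBJECTS = {"tok-alice": "alice@example.com"}


def parse_kvpairs(message):
    """Split a client response into {key: value}; reject malformed pairs."""
    if not message.endswith(CTRL_A + CTRL_A):
        raise ValueError("response must end with two ^A characters")
    pairs = {}
    for item in message[:-2].split(CTRL_A):
        # Split on the first "=" only, so "=" inside a value is preserved.
        key, sep, value = item.partition("=")
        if not sep or not KEY_OPTION_B.fullmatch(key):
            raise ValueError("malformed kvpair: %r" % item)
        if key in pairs:
            raise ValueError("duplicate key: %r" % key)
        pairs[key] = value
    return pairs


def authenticate(message):
    """Return (authenticated_user, hint); the hint never decides identity."""
    pairs = parse_kvpairs(message)
    # Keys this server does not understand (e.g. "n,a") are simply ignored.
    hint = pairs.get("user")
    scheme, _, token = pairs.get("auth", "").partition(" ")
    if scheme != "Bearer" or token not in TOKEN_SUBJECTS:
        raise PermissionError("invalid or missing bearer credential")
    asserted = TOKEN_SUBJECTS[token]  # the only authoritative user name
    if hint is not None and hint != asserted:
        # Assumed policy for this example: fail closed on a mismatched hint.
        raise PermissionError("user hint does not match credential")
    return asserted, hint
```
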