IETF Logo Mail Archive

Re: [OAUTH-WG] So back to use cases? (was RE: Call for Consensus on Document Split)

William Mills <wmills@yahoo-inc.com> Wed, 27 October 2010 18:39 UTC

Return-Path: <wmills@yahoo-inc.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EFF223A6876 for <oauth@core3.amsl.com>; Wed, 27 Oct 2010 11:39:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.502
X-Spam-Level:
X-Spam-Status: No, score=-17.502 tagged_above=-999 required=5 tests=[AWL=0.096, BAYES_00=-2.599, NO_RDNS_DOTCOM_HELO=0.001, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DuP6zKN5nY96 for <oauth@core3.amsl.com>; Wed, 27 Oct 2010 11:39:16 -0700 (PDT)
Received: from mrout2.yahoo.com (mrout2.yahoo.com [216.145.54.172]) by core3.amsl.com (Postfix) with ESMTP id D45EA3A6844 for <oauth@ietf.org>; Wed, 27 Oct 2010 11:39:16 -0700 (PDT)
Received: from SP2-EX07CAS03.ds.corp.yahoo.com (sp2-ex07cas03.corp.sp2.yahoo.com [98.137.59.35]) by mrout2.yahoo.com (8.14.4/8.14.4/y.out) with ESMTP id o9RIejW3093420; Wed, 27 Oct 2010 11:40:45 -0700 (PDT)
Received: from SP2-EX07VS06.ds.corp.yahoo.com ([98.137.59.24]) by SP2-EX07CAS03.ds.corp.yahoo.com ([98.137.59.35]) with mapi; Wed, 27 Oct 2010 11:40:44 -0700
From: William Mills <wmills@yahoo-inc.com>
To: "Freeman, Tim" <tim.freeman@hp.com>, "oauth@ietf.org" <oauth@ietf.org>
Date: Wed, 27 Oct 2010 11:40:42 -0700
Thread-Topic: [OAUTH-WG] So back to use cases? (was RE: Call for Consensus on Document Split)
Thread-Index: AQHLazd3pTJ/WW6MjUa2saVGmJKCG5NVNKoA///jsGCAAAIRoIAAG3AQ
Message-ID: <FFDFD7371D517847AD71FBB08F9A3156254CAA9267@SP2-EX07VS06.ds.corp.yahoo.com>
References: <AANLkTik30oVX+AevGCZDHajjyrDnEVB=fp6rAdihkPFz@mail.gmail.com> <C8EDE8E4.2517%hannes.tschofenig@nsn.com> <4E1F6AAD24975D4BA5B1680429673943245A1D1F@TK5EX14MBXC207.redmond.corp.microsoft.com> <59DD1BA8FD3C0F4C90771C18F2B5B53A653ACE4C0B@GVW0432EXB.americas.hpqcorp.net>
In-Reply-To: <59DD1BA8FD3C0F4C90771C18F2B5B53A653ACE4C0B@GVW0432EXB.americas.hpqcorp.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] So back to use cases? (was RE: Call for Consensus on Document Split)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Oct 2010 18:39:18 -0000

Another use case for signatures is gross management of relationships, controlling the secrets in use for (I'll misuse the term) peers allows a single point of control for that relationship.

> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> Of Freeman, Tim
> Sent: Wednesday, October 27, 2010 11:09 AM
> To: oauth@ietf.org
> Subject: [OAUTH-WG] So back to use cases? (was RE: Call for Consensus
> on Document Split)
> 
> On the face of it, it seems that discussion of whether and how to split
> the document has derailed collection of use cases.  If we had consensus
> on a list of use cases, that would mean we have identified the problems
> we're trying to solve.  This would still allow slimy political
> manipulation of the process by manipulating the use case list, but that
> would be progress.  It's better to have a protocol that solves a
> politically-defined set of problems than to have a politically-defined
> protocol that solves no identified problem.
> 
> It's also possible that such collection is going on via private email
> and I am not aware of it.
> 
> The questions currently interesting to me about use cases are:
> 
> * The only use cases that made sense to me about signatures used them
> for auditability, where they enabled blame to be properly placed after
> information leaked to the wrong people.  People were proposing use
> cases that claimed that signatures improved privacy, that is, the
> ability to keep the information out of the hands of the wrong people.
> So far as I know all use cases where signatures improved privacy seemed
> to fall apart after a few minutes inspection.  Do we agree that
> signatures improve auditability but not privacy, or does someone still
> believe in a use case where signatures improve privacy?
> 
> * Use cases that justify a feature seem to require two parts -- an
> example where the feature is absent and therefore a particular problem
> cannot be solved, and an example where the feature is present and the
> same problem can then be solved.  Last I checked the existing use case
> list seemed to only have the second type where problems were
> successfully solved and it was unclear to me that the proposed features
> were really required in order to do that.  Do we agree that justifying
> a feature requires both a use case where absence of the feature makes a
> problem unsolvable and presence of the feature makes the same problem
> solvable?  (Alternatives are to believe that there is some other way to
> justify having a feature, or to believe we should have features that do
> not have a clearly described technical justification.  Maybe the
> features are required by law, are esthetically pleasing, make use of
> the right patents and not the wrong ones, look impressive on one's
> resume, etc.)
> 
> * The simplest signature schemes seem have the consequence of
> preventing server A from delegating work to server B, since the work
> must be done by making requests signed by server A.  Do we want to
> support use cases where one server delegates work to another server?
> Do we want to do by allowing A's right to do certain things to be
> traded in for something that gives B the right to do some of those
> things, by bearer tokens, by some other means, or not at all?
> 
> Tim Freeman
> Email: tim.freeman@hp.com
> Desk in Palo Alto: (650) 857-2581
> Home: (408) 774-1298
> Cell: (408) 348-7536
> 
> 
> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> Of Mike Jones
> Sent: Wednesday, October 27, 2010 9:57 AM
> To: Hannes Tschofenig; Blaine Cook; oauth@ietf.org
> Subject: Re: [OAUTH-WG] Call for Consensus on Document Split
> 
> Thanks for your confidence in me.  I look forward to completing a
> specification that meets the industry needs.
> 
> I plan to sync with Eran this week.  I also plan to hold a "listening
> tour" at IIW to understand stakeholders' perspectives on where we stand
> with OAuth 2.0 today and what remains to do finish it.  Please come
> talk to me at IIW if you're there and you're building or deploying
> OAuth 2.0 and want me to understand your views.  E-mail and phone calls
> are also welcome.
> 
> Once I've synced with Eran and gathered input from stakeholders, I'll
> plan on announcing target dates for drafts.
> 
> 				-- Mike
> 
> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
> Of Hannes Tschofenig
> Sent: Wednesday, October 27, 2010 4:34 AM
> To: Blaine Cook; oauth@ietf.org
> Subject: Re: [OAUTH-WG] Call for Consensus on Document Split
> 
> Hi all,
> 
> based on the feedback from the group on the list we go forward with the
> document split.
> 
> Mike had kindly offered to edit the bearer specification and we are
> happy to hear that. Thank you Mike. I am looking forward to see the
> first document.
> 
> Ciao
> Hannes
> 
> On 10/14/10 3:32 AM, "Blaine Cook" <romeda@gmail.com> wrote:
> 
> > Over the past few weeks, the working group debated the issues around
> > the introduction of signatures and the structure of the
> specification.
> > The working group seems to endorse the proposal to split the current
> > specification into two parts: one including section 5 (bearer token)
> > and the other including the rest (how to obtain a token), with an
> > additional specification covering signature use cases.
> >
> > This serves as a call for consensus on the proposed editorial work.
> > Before we proceed with the changes, the chairs would like to ask if
> > anyone has any concerns or objections against this proposal.
> >
> > In addition, the chairs are seeking a volunteer to take over the
> > bearer token specification (section 5) as editor.
> >
> > Please submit your comments by Wednesday, October 20th.
> >
> > - The OAuth Working Group Chairs
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

v2.23.0 | Report a Bug | By Email