Re: [OAUTH-WG] So back to use cases? (was RE: Call for Consensus on Document Split)
William Mills <wmills@yahoo-inc.com> Wed, 27 October 2010 18:39 UTC
Return-Path: <wmills@yahoo-inc.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id EFF223A6876 for <oauth@core3.amsl.com>; Wed, 27 Oct 2010 11:39:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.502
X-Spam-Level:
X-Spam-Status: No, score=-17.502 tagged_above=-999 required=5 tests=[AWL=0.096, BAYES_00=-2.599, NO_RDNS_DOTCOM_HELO=0.001, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DuP6zKN5nY96 for <oauth@core3.amsl.com>; Wed, 27 Oct 2010 11:39:16 -0700 (PDT)
Received: from mrout2.yahoo.com (mrout2.yahoo.com [216.145.54.172]) by core3.amsl.com (Postfix) with ESMTP id D45EA3A6844 for <oauth@ietf.org>; Wed, 27 Oct 2010 11:39:16 -0700 (PDT)
Received: from SP2-EX07CAS03.ds.corp.yahoo.com (sp2-ex07cas03.corp.sp2.yahoo.com [98.137.59.35]) by mrout2.yahoo.com (8.14.4/8.14.4/y.out) with ESMTP id o9RIejW3093420; Wed, 27 Oct 2010 11:40:45 -0700 (PDT)
Received: from SP2-EX07VS06.ds.corp.yahoo.com ([98.137.59.24]) by SP2-EX07CAS03.ds.corp.yahoo.com ([98.137.59.35]) with mapi; Wed, 27 Oct 2010 11:40:44 -0700
From: William Mills <wmills@yahoo-inc.com>
To: "Freeman, Tim" <tim.freeman@hp.com>, "oauth@ietf.org" <oauth@ietf.org>
Date: Wed, 27 Oct 2010 11:40:42 -0700
Thread-Topic: [OAUTH-WG] So back to use cases? (was RE: Call for Consensus on Document Split)
Thread-Index: AQHLazd3pTJ/WW6MjUa2saVGmJKCG5NVNKoA///jsGCAAAIRoIAAG3AQ
Message-ID: <FFDFD7371D517847AD71FBB08F9A3156254CAA9267@SP2-EX07VS06.ds.corp.yahoo.com>
References: <AANLkTik30oVX+AevGCZDHajjyrDnEVB=fp6rAdihkPFz@mail.gmail.com> <C8EDE8E4.2517%hannes.tschofenig@nsn.com> <4E1F6AAD24975D4BA5B1680429673943245A1D1F@TK5EX14MBXC207.redmond.corp.microsoft.com> <59DD1BA8FD3C0F4C90771C18F2B5B53A653ACE4C0B@GVW0432EXB.americas.hpqcorp.net>
In-Reply-To: <59DD1BA8FD3C0F4C90771C18F2B5B53A653ACE4C0B@GVW0432EXB.americas.hpqcorp.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] So back to use cases? (was RE: Call for Consensus on Document Split)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Oct 2010 18:39:18 -0000
Another use case for signatures is gross management of relationships, controlling the secrets in use for (I'll misuse the term) peers allows a single point of control for that relationship. > -----Original Message----- > From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf > Of Freeman, Tim > Sent: Wednesday, October 27, 2010 11:09 AM > To: oauth@ietf.org > Subject: [OAUTH-WG] So back to use cases? (was RE: Call for Consensus > on Document Split) > > On the face of it, it seems that discussion of whether and how to split > the document has derailed collection of use cases. If we had consensus > on a list of use cases, that would mean we have identified the problems > we're trying to solve. This would still allow slimy political > manipulation of the process by manipulating the use case list, but that > would be progress. It's better to have a protocol that solves a > politically-defined set of problems than to have a politically-defined > protocol that solves no identified problem. > > It's also possible that such collection is going on via private email > and I am not aware of it. > > The questions currently interesting to me about use cases are: > > * The only use cases that made sense to me about signatures used them > for auditability, where they enabled blame to be properly placed after > information leaked to the wrong people. People were proposing use > cases that claimed that signatures improved privacy, that is, the > ability to keep the information out of the hands of the wrong people. > So far as I know all use cases where signatures improved privacy seemed > to fall apart after a few minutes inspection. Do we agree that > signatures improve auditability but not privacy, or does someone still > believe in a use case where signatures improve privacy? > > * Use cases that justify a feature seem to require two parts -- an > example where the feature is absent and therefore a particular problem > cannot be solved, and an example where the feature is present and the > same problem can then be solved. Last I checked the existing use case > list seemed to only have the second type where problems were > successfully solved and it was unclear to me that the proposed features > were really required in order to do that. Do we agree that justifying > a feature requires both a use case where absence of the feature makes a > problem unsolvable and presence of the feature makes the same problem > solvable? (Alternatives are to believe that there is some other way to > justify having a feature, or to believe we should have features that do > not have a clearly described technical justification. Maybe the > features are required by law, are esthetically pleasing, make use of > the right patents and not the wrong ones, look impressive on one's > resume, etc.) > > * The simplest signature schemes seem have the consequence of > preventing server A from delegating work to server B, since the work > must be done by making requests signed by server A. Do we want to > support use cases where one server delegates work to another server? > Do we want to do by allowing A's right to do certain things to be > traded in for something that gives B the right to do some of those > things, by bearer tokens, by some other means, or not at all? > > Tim Freeman > Email: tim.freeman@hp.com > Desk in Palo Alto: (650) 857-2581 > Home: (408) 774-1298 > Cell: (408) 348-7536 > > > -----Original Message----- > From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf > Of Mike Jones > Sent: Wednesday, October 27, 2010 9:57 AM > To: Hannes Tschofenig; Blaine Cook; oauth@ietf.org > Subject: Re: [OAUTH-WG] Call for Consensus on Document Split > > Thanks for your confidence in me. I look forward to completing a > specification that meets the industry needs. > > I plan to sync with Eran this week. I also plan to hold a "listening > tour" at IIW to understand stakeholders' perspectives on where we stand > with OAuth 2.0 today and what remains to do finish it. Please come > talk to me at IIW if you're there and you're building or deploying > OAuth 2.0 and want me to understand your views. E-mail and phone calls > are also welcome. > > Once I've synced with Eran and gathered input from stakeholders, I'll > plan on announcing target dates for drafts. > > -- Mike > > -----Original Message----- > From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf > Of Hannes Tschofenig > Sent: Wednesday, October 27, 2010 4:34 AM > To: Blaine Cook; oauth@ietf.org > Subject: Re: [OAUTH-WG] Call for Consensus on Document Split > > Hi all, > > based on the feedback from the group on the list we go forward with the > document split. > > Mike had kindly offered to edit the bearer specification and we are > happy to hear that. Thank you Mike. I am looking forward to see the > first document. > > Ciao > Hannes > > On 10/14/10 3:32 AM, "Blaine Cook" <romeda@gmail.com> wrote: > > > Over the past few weeks, the working group debated the issues around > > the introduction of signatures and the structure of the > specification. > > The working group seems to endorse the proposal to split the current > > specification into two parts: one including section 5 (bearer token) > > and the other including the rest (how to obtain a token), with an > > additional specification covering signature use cases. > > > > This serves as a call for consensus on the proposed editorial work. > > Before we proceed with the changes, the chairs would like to ask if > > anyone has any concerns or objections against this proposal. > > > > In addition, the chairs are seeking a volunteer to take over the > > bearer token specification (section 5) as editor. > > > > Please submit your comments by Wednesday, October 20th. > > > > - The OAuth Working Group Chairs > > _______________________________________________ > > OAuth mailing list > > OAuth@ietf.org > > https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
- Re: [OAUTH-WG] Call for Consensus on Document Spl… Hannes Tschofenig
- [OAUTH-WG] Call for Consensus on Document Split Blaine Cook
- Re: [OAUTH-WG] Call for Consensus on Document Spl… Mike Jones
- Re: [OAUTH-WG] Call for Consensus on Document Spl… Manger, James H
- Re: [OAUTH-WG] Call for Consensus on Document Spl… Eran Hammer-Lahav
- Re: [OAUTH-WG] Call for Consensus on Document Spl… Manger, James H
- Re: [OAUTH-WG] Call for Consensus on Document Spl… Eran Hammer-Lahav
- Re: [OAUTH-WG] Call for Consensus on Document Spl… Brian Eaton
- Re: [OAUTH-WG] Call for Consensus on Document Spl… Marius Scurtescu
- Re: [OAUTH-WG] Call for Consensus on Document Spl… Eran Hammer-Lahav
- Re: [OAUTH-WG] Call for Consensus on Document Spl… Blaine Cook
- Re: [OAUTH-WG] Call for Consensus on Document Spl… Mike Jones
- [OAUTH-WG] So back to use cases? (was RE: Call fo… Freeman, Tim
- Re: [OAUTH-WG] So back to use cases? (was RE: Cal… William Mills
- Re: [OAUTH-WG] So back to use cases? (was RE: Cal… Zeltsan, Zachary (Zachary)
- Re: [OAUTH-WG] So back to use cases? (was RE: Cal… Skylar Woodward
- Re: [OAUTH-WG] So back to use cases? (was RE: Cal… George Fletcher
- Re: [OAUTH-WG] So back to use cases? (was RE: Cal… Hannes Tschofenig
- Re: [OAUTH-WG] So back to use cases? (was RE: Cal… Eve Maler
- Re: [OAUTH-WG] So back to use cases? (was RE: Cal… Zeltsan, Zachary (Zachary)
- Re: [OAUTH-WG] Call for Consensus on Document Spl… Eran Hammer-Lahav
- Re: [OAUTH-WG] Call for Consensus on Document Spl… Manger, James H
- Re: [OAUTH-WG] Call for Consensus on Document Spl… Eran Hammer-Lahav