Re: [OAUTH-WG] OAuth 1.0a

Hannes Tschofenig <hannes.tschofenig@gmx.net> Wed, 15 August 2012 05:48 UTC

FYI: just to repeat my note here as well that I sent to Bill on the KITTEN list:

I see three possible ways forward for the OAuth SASL work, namely:

> 	• Focus on OAuth 1.0 only (since it has a MAC specification in there). Then, you ignore all the OAuth 2.0 deployment that is out there, of which there is a lot. That would be pretty bad IMHO.
> 	• Copy relevant parts from http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01 (of which there is almost no deployment).
> 	• Wait for the OAuth group to settle on a mechanism. May take time.


I doubt that the question about the views of the WG about OAuth 1.0a can answer any of the above questions. 

Bill does not want to wait. He also does not want to copy parts from draft-ietf-oauth-v2-http-mac-01 into the SASL OAuth spec. Focusing on OAuth 1.0 for now would require the specification to be extended later on to fit OAuth 2.0 deployments (and whatever new security mechanism we will come up with). As a consequence, the specification will then suffer from additional complexity.

Ciao
Hannes

On Aug 14, 2012, at 10:37 PM, William Mills wrote:

> It's for the OAUTH SASL spec.  I've been writing it with the idea that OAuth 1.0a would work (since I think we'll have extant 1.0a type tokens we want to allow for IMAP), but several folks were saying when this all started that 1.0a was dead and I should not refer to it.
> 
> I want to make sure the SASL mechanism is built to properly handle signed auth schemes and not just bearer (cookie) type.
> 
> -bill
> 
> From: Mike Jones <Michael.Jones@microsoft.com>
> To: William Mills <wmills_92105@yahoo.com>; O Auth WG <oauth@ietf.org> 
> Sent: Tuesday, August 14, 2012 12:28 PM
> Subject: RE: [OAUTH-WG] OAuth 1.0a
> 
> What problem are you trying to solve?
>  
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of William Mills
> Sent: Tuesday, August 14, 2012 12:22 PM
> To: O Auth WG
> Subject: [OAUTH-WG] OAuth 1.0a
>  
> What's the general opinion on 1.0a?  Am I stepping in something if I refer to it in another draft?  I want to reference an auth scheme that uses signing and now MAC is apparently going back to the drawing board, so I'm thinking about using 1.0a.
>  
> Thanks,
>  
> -bill