Re: [OAUTH-WG] Info on how to implement a server

Hans Zandbelt <hans.zandbelt@zmartzone.eu> Sat, 17 August 2019 18:34 UTC

Return-Path: <hans.zandbelt@zmartzone.eu>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0110A120041 for <oauth@ietfa.amsl.com>; Sat, 17 Aug 2019 11:34:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=zmartzone-eu.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rx6x6fYHdZdh for <oauth@ietfa.amsl.com>; Sat, 17 Aug 2019 11:34:15 -0700 (PDT)
Received: from mail-qk1-x736.google.com (mail-qk1-x736.google.com [IPv6:2607:f8b0:4864:20::736]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8E27E120048 for <oauth@ietf.org>; Sat, 17 Aug 2019 11:34:15 -0700 (PDT)
Received: by mail-qk1-x736.google.com with SMTP id m2so7448979qki.12 for <oauth@ietf.org>; Sat, 17 Aug 2019 11:34:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zmartzone-eu.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=DfRD5dbWJGSmONY2YMtWRioQgcRIXpAPjmKKAZLMcdc=; b=od+0Zk6yQJlN49VTzmoPmf7aeQgmgmRYlv/6Y0FM3wKyPE8GIAiZZ3iZinDSS1hm21 SlRi93NyeLuJ/lI7/ecRmZ+9yyM69Ek8MMt1XhgcTO6J+VP4qF+zuQejzNyyavEWhg8p RD0BYiDugZMPGg6M+pNsB5K834Tug/YmvmPl/+ShEnXrgmguhjpeAv1kNlcPAdCwpgHo lVgQx29ScmsEurCac3zzTO9Q3qIjrPyJ3r1i8DElWlCHMFbuLhKeaaL2FuDtPY329KMi 5YXoBy+0quzR3e7Uqm/+R3bM7iG57jg3WvRraAsa2aXZkk2zcc8vfOUlgtwSfwR9ft1J 5YUQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=DfRD5dbWJGSmONY2YMtWRioQgcRIXpAPjmKKAZLMcdc=; b=PtN5NFgfLQBs3VgWNNJ3OMzI73p0bGPSQzcnXpI2UpqhTaWsKdELLCGc8jk3sgT5Jz azCn65VsO/r/darwmvBsYKHviUQGNd9DJo5F5AlfFis0QNqlAKIUaC/XN2PeQJX3XIfa vRKs/iRqpRhoWi0VuEWbpwdP0FbWYOCTSwz4zqo56MZ8pMF4UVJ2tzSRu7lUEyYyGcKb IAcX4Svf1yWh5PBECxeusRgG1uNnXbgscjtVPgBix/kMZe1gHq+btLzLjdn6UpjcEq+x 6ebFQjSXIWyG79IYuJkMcEkm3OX98Bzxi8ULRhr2iQmnVollmPzqNkpfk9HgffDMcx21 ARfA==
X-Gm-Message-State: APjAAAVwWQZvd9kEfe7gP/aHciHNkg0oD4qTEwsI981HhxGw0RhvLfAC 35gNMC90sEI+fuIwMY3UYH/tH21IcqsEM1yyuEUnixQMGms=
X-Google-Smtp-Source: APXvYqyE7xeeC1tE5U6YMRYvch1ievaKfhfVXbRGig9gaBd4uPO7suqXL0UBTgIUIzNvZ3Pdzu/+U0jtXo3oCxrBIUM=
X-Received: by 2002:a37:a2d1:: with SMTP id l200mr14461879qke.63.1566066854637; Sat, 17 Aug 2019 11:34:14 -0700 (PDT)
MIME-Version: 1.0
References: <D3FB5975-2448-445B-8B48-0A46D43E0A99@akamai.com> <bc37895b-b4c9-af54-dbfc-6aa2cd80b75b@ve7jtb.com>
In-Reply-To: <bc37895b-b4c9-af54-dbfc-6aa2cd80b75b@ve7jtb.com>
From: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
Date: Sat, 17 Aug 2019 20:34:03 +0200
Message-ID: <CA+iA6uifvqv=18ZYLf+BmDYhp6ZyEvwv+9mWoL37ALWuqozj4w@mail.gmail.com>
To: John Bradley <ve7jtb@ve7jtb.com>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000090c1ab0590545a93"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/0EcfgwyCHsaBEylyjtDZ3aXYqtg>
Subject: Re: [OAUTH-WG] Info on how to implement a server
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Aug 2019 18:34:18 -0000

indeed OAuth != identity see https://oauth.net/articles/authentication/

Hans.

On Sat, Aug 17, 2019 at 8:31 PM John Bradley <ve7jtb@ve7jtb.com>; wrote:

> The openID Connect kind of OAuth server.
>
> OAuth on its own is not designed to be secure for identity federation.
>
> John B.
> On 8/17/2019 1:23 PM, Salz, Rich wrote:
>
> What’s the WG consensus (heh) on the best guide to adding OAUTH support to
> an existing server so that it can act as an identity provider?  Which
> version of oauth is most widely deployed by relying parties these days?
>
>
>
> I want to add OAUTH support to the IETF datatracker.
>
>
>
> Thanks for any pointers.  Replies to me will be summarized for the list.
>
>
>
>                 /r$
>
>
>
> _______________________________________________
> OAuth mailing listOAuth@ietf.orghttps://www.ietf.org/mailman/listinfo/oauth
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>


-- 
hans.zandbelt@zmartzone.eu
ZmartZone IAM - www.zmartzone.eu