Re: [OAUTH-WG] OAuth Signature Draft Pre 00
Yaron Goland <yarong@microsoft.com> Mon, 30 August 2010 18:47 UTC
Return-Path: <yarong@microsoft.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 007343A69D8 for <oauth@core3.amsl.com>; Mon, 30 Aug 2010 11:47:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.058
X-Spam-Level:
X-Spam-Status: No, score=-9.058 tagged_above=-999 required=5 tests=[AWL=-1.428, BAYES_50=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8, URI_HEX=0.368]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id suJho3MpQw3C for <oauth@core3.amsl.com>; Mon, 30 Aug 2010 11:47:12 -0700 (PDT)
Received: from smtp.microsoft.com (mail2.microsoft.com [131.107.115.215]) by core3.amsl.com (Postfix) with ESMTP id 4085B3A67E5 for <oauth@ietf.org>; Mon, 30 Aug 2010 11:47:12 -0700 (PDT)
Received: from TK5EX14MLTC101.redmond.corp.microsoft.com (157.54.79.178) by TK5-EXGWY-E802.partners.extranet.microsoft.com (10.251.56.168) with Microsoft SMTP Server (TLS) id 8.2.176.0; Mon, 30 Aug 2010 11:47:37 -0700
Received: from TK5EX14MBXC111.redmond.corp.microsoft.com ([169.254.2.83]) by TK5EX14MLTC101.redmond.corp.microsoft.com ([157.54.79.178]) with mapi id 14.01.0218.010; Mon, 30 Aug 2010 11:47:37 -0700
From: Yaron Goland <yarong@microsoft.com>
To: Nat Sakimura <sakimura@gmail.com>, oauth <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] OAuth Signature Draft Pre 00
Thread-Index: AQHLQ5NTskJRZ9216Eiyqpsl+JC0y5L6XcEw
Date: Mon, 30 Aug 2010 18:47:36 +0000
Message-ID: <7C01E631FF4B654FA1E783F1C0265F8C62D263BB@TK5EX14MBXC111.redmond.corp.microsoft.com>
References: <AANLkTikSKX8jisucEbZOUnkGYUz0DnBSB_KWXGM3bJcS@mail.gmail.com>
In-Reply-To: <AANLkTikSKX8jisucEbZOUnkGYUz0DnBSB_KWXGM3bJcS@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.71]
Content-Type: multipart/mixed; boundary="_005_7C01E631FF4B654FA1E783F1C0265F8C62D263BBTK5EX14MBXC111r_"
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] OAuth Signature Draft Pre 00
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Aug 2010 18:47:46 -0000
BTW, Nat and I, as mentioned below, are talking. Here is my current draft. Please keep in mind that it's really just a set of notes trying to capture all the issues involved in creating a secure token format so it's a bit dense. My hope is that once all the issues are captured it can be completely re-written to be in something that looks more like English and is easier for actual implementers to follow. But for now I think it gives a good sense of the some of the security challenges in creating a secure token format. Yaron From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Nat Sakimura Sent: Tuesday, August 24, 2010 6:50 AM To: oauth Subject: [OAUTH-WG] OAuth Signature Draft Pre 00 Hi. It has been a few weeks since then I volunteered to do this work. I have written up to this pre 00 draft then have been doing some reality checks on some script languages etc. No. This pre-00 draft is far from being feature complete. I still need to copy and paste the Magic Signatures text etc. Also, I should add how this spec is being used in some of the major flows. However, since I will not be able to work on it this week, I thought it would be worthwhile to share this early draft so that you have some clarity into the progress. Apparently, Yaron has been working on it as well. We will compare the notes and try to merge, I hope. So, here it is! #For those of you who have seen the private draft, it has not been changed since July 31. Best, =nat
- [OAUTH-WG] OAuth Signature Draft Pre 00 Nat Sakimura
- Re: [OAUTH-WG] OAuth Signature Draft Pre 00 Yaron Goland
- Re: [OAUTH-WG] OAuth Signature Draft Pre 00 hdknr hidelafoglia
- Re: [OAUTH-WG] OAuth Signature Draft Pre 00 Anthony Nadalin
- Re: [OAUTH-WG] OAuth Signature Draft Pre 00 hdknr hidelafoglia
- Re: [OAUTH-WG] OAuth Signature Draft Pre 00 David Recordon
- Re: [OAUTH-WG] OAuth Signature Draft Pre 00 Yaron Goland
- Re: [OAUTH-WG] OAuth Signature Draft Pre 00 Dirk Balfanz
- Re: [OAUTH-WG] OAuth Signature Draft Pre 00 Anthony Nadalin
- Re: [OAUTH-WG] OAuth Signature Draft Pre 00 David Recordon
- Re: [OAUTH-WG] OAuth Signature Draft Pre 00 Mike Jones