Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth
Bill Mills <wmills_92105@yahoo.com> Tue, 01 September 2015 16:37 UTC
Return-Path: <wmills_92105@yahoo.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 345A11B523B for <oauth@ietfa.amsl.com>; Tue, 1 Sep 2015 09:37:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.209
X-Spam-Level:
X-Spam-Status: No, score=-2.209 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, FREEMAIL_REPLYTO_END_DIGIT=0.25, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gysdfdl7ZWFp for <oauth@ietfa.amsl.com>; Tue, 1 Sep 2015 09:37:12 -0700 (PDT)
Received: from nm27-vm1.bullet.mail.bf1.yahoo.com (nm27-vm1.bullet.mail.bf1.yahoo.com [98.139.213.148]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4A65B1B5366 for <oauth@ietf.org>; Tue, 1 Sep 2015 09:37:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1441125431; bh=obDAR2T9HAGaZXDB4+QTYDBlTHuRs1IEGCKBDzLQNPg=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:From:Subject; b=CI6pAV7z7mnJYlket+gwNq0bFj47gmv9EGwYtIkoilUeJ6/bTQ6vfyv912rg2iw91HTj0Zfoz6Y/LNXdKlM89GbARidmy6hsuq4c/uwC4YCL7R1hobcr+RyvjD7JGdr9lMChR5/YQdfwEqZtHCuZ2QtdBkWRAwAV2VWEqvZiwXic6qoS/enqSGv81GS7d9j2aHCuOMHA85MxHi/W0QM8fkEmTWeamhWe2Oj+Liw0odTK045FvNHn7zaR11dEodsxjNNz5vgFujy6VZUogY/Nr7lJUrCEVrIttgurzwDZG0Y0RbxLokmmbMYzuNi9FVhcajmQCK0HEsWm+7aPRt+ZhA==
Received: from [98.139.170.182] by nm27.bullet.mail.bf1.yahoo.com with NNFMP; 01 Sep 2015 16:37:11 -0000
Received: from [98.139.212.205] by tm25.bullet.mail.bf1.yahoo.com with NNFMP; 01 Sep 2015 16:37:11 -0000
Received: from [127.0.0.1] by omp1014.mail.bf1.yahoo.com with NNFMP; 01 Sep 2015 16:37:11 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 299857.69342.bm@omp1014.mail.bf1.yahoo.com
X-YMail-OSG: yBhoZUAVM1kU4ji9iBNts0E.wnyxnctnW1EBfqiIJ5L3dqIWU06FG6JcDxJ6dDz irRrz3HxEFKPG90hFxdPUWG1aIefXhQDr7H_xpMqoKAHIRy7xwQXiS.qSR0FZn.ScEWnN13uozCa tuv79kJm5TCvytQw8ygW17_WAHnZ5CrENgEvEfSrGVo9F0P4a5e_AT40kImLZSvk3btyjzceXWJF 9JDIW5VfBW8UaG7LaKPWQK_rUAK4NLV98W9Ag5fBg0vX3SwkJJgfZOGoAjcpGTtOFXPcudiyxgaU hgLT24Vj2dJWkZZsAUtFNMioLJyfDw3iux9adrW2brE2YhRdzukL7d7MBf.hWWFj3Aaqc8XXft6T C_8JjneD.XbAVfCYATqshAOXxweSnLR.8sclxo6Au3CA_47Ryzl3sAkSMt38HxGmR7udMEvnOIV. bUYIu072H3K8loCJdr8KM8kvGSdrqK3DsiV1xANOGu33bH1to03_w9VAwhi_JM06Fo6JM_IPsZtD NDkBKvTUl.MpPKmMvRpLgSpmvshpHugujoc8cDWndLHJgRg--
Received: by 66.196.81.119; Tue, 01 Sep 2015 16:37:10 +0000
Date: Tue, 01 Sep 2015 16:37:10 +0000
From: Bill Mills <wmills_92105@yahoo.com>
To: Torsten Lodderstedt <torsten@lodderstedt.net>, Mike Jones <Michael.Jones@microsoft.com>, Bill Mills <wimills@microsoft.com>, Phil Hunt <phil.hunt@oracle.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>
Message-ID: <553525297.4176073.1441125430398.JavaMail.yahoo@mail.yahoo.com>
In-Reply-To: <4FCA2B2B-8AF8-464D-91ED-793D295C8DCB@lodderstedt.net>
References: <4FCA2B2B-8AF8-464D-91ED-793D295C8DCB@lodderstedt.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_4176072_1886219246.1441125430390"
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/0TqK3fYsmLUhwtW0RsFWaerDtdA>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Bill Mills <wmills_92105@yahoo.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Sep 2015 16:37:16 -0000
And thank you Hannes for all the guidance and being agreat collaborator on this!
And to the WG, chairs, and shepherds, we did somethinggood here. Thank you all for the review,attention, time, and your help as well.
-bill
On Tuesday, September 1, 2015 9:04 AM, Torsten Lodderstedt <torsten@lodderstedt.net> wrote:
+1
Am 1. September 2015 17:44:12 MESZ, schrieb Mike Jones <Michael.Jones@microsoft.com>:
Congratulations, Bill!
-----Original Message-----
From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Phil Hunt
Sent: Tuesday, September 01, 2015 8:14 AM
To: Hannes Tschofenig
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth
+1 !
Phil
On Aug 31, 2015, at 23:24, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
FYI: Thanks to Bill for the hard work!
-------- Forwarded Message --------
Subject: RFC 7628 on A Set of Simple Authentication and Security Layer
(SASL) Mechanisms for OAuth
Date: Mon, 31 Aug 2015 21:56:17 -0700 (PDT)
From: rfc-editor@rfc-editor.org
Reply-To: ietf@ietf.org
To: ietf-announce@ietf.org,rfc-dist@rfc-editor.org
CC: kitten@ietf.org, drafts-update-ref@iana.org,
rfc-editor@rfc-editor.org
A new Request for Comments is now available in online RFC libraries.
RFC 7628
Title: A Set of Simple Authentication
and Security Layer (SASL) Mechanisms
for OAuth
Author: W. Mills, T. Showalter, H. Tschofenig
Status: Standards Track
Stream: IETF
Date: August 2015
Mailbox: wmills_92105@yahoo.com,
tjs@psaux.com,
Hannes.Tschofenig@gmx.net
Pages: 21
Characters: 46408
Updates/Obsoletes/SeeAlso: None
I-D Tag: draft-ietf-kitten-sasl-oauth-23.txt
URL: https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.rfc-editor.org%2finfo%2frfc7628&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=J1hIDrCTw8Xi1hMvg3ZaZ1xvdEFhol3BqHt2q6u6VWg%3d
DOI: https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fdx.doi.org%2f10.17487%2fRFC7628&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=%2fQVXZSXwbGDS7YVQ446RDFuPUxHNoLLwedzfrx0xKUE%3d
OAuth enables a third-party application to obtain limited access to a
protected resource, either on behalf of a resource owner by
orchestrating an approval interaction or by allowing the third-party
application to obtain access on its own behalf.
This document defines how an application client uses credentials
obtained via OAuth over the Simple Authentication and SecurityLayer
(SASL) to access a protected resource at a resource server. Thereby,
it enables schemes defined within the OAuth framework for
non-HTTP-based application protocols.
Clients typically store the user's long-term credential. This does,
however, lead to significant security vulnerabilities, for example,
when such a credential leaks. A significant benefit of OAuth for
usage in those clients is that the password is replaced by a shared
secret with higher entropy, i.e., the token. Tokens typically provide
limited access rights and can be managed and revoked separately from
the user's long-term password.
This document is a product of the Common Authentication Technology
Next Generation Working Group of the IETF.
This is now a Proposed Standard.
STANDARDS TRACK: This document specifies an Internet Standards Track
protocol for the Internet community, andrequests discussion and
suggestions for improvements. Please refer to the current edition of
the Official Internet Protocol Standards
(https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.
rfc-editor.org%2fstandards&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=7JPZiamj4nhqHgthEPDIzgpqkvR%2fAA6bj4Ck5vijFPU%3d) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.i
etf.org%2fmailman%2flistinfo%2fietf-announce&data=01%7c01%7cMichael.Jo
nes%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f14
1af91ab2d7cd011db47%7c1&sdata=aGciLH4fsxKJ6MUO%2fPp6BMj3JFJ37oTjdaSJ5t
WbEkg%3d
https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fmailm
an.rfc-editor.org%2fmailman%2flistinfo%2frfc-dist&data=01%7c01%7cMicha
el.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf
86f141af91ab2d7cd011db47%7c1&sdata=agec9juMh0Zzn1mrY6avpBrLPlFfCs8zsyx
8bSLgDdc%3d
For searching the RFC series, see
https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.r
fc-editor.org%2fsearch&data=01%7c01%7cMichael.Jones%40microsoft.com%7c
9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c
1&sdata=veVw3wrA9Wz6CWTUfVTLCKAdduFgUDkiaabcuqFyRxc%3d
For downloading RFCs, see
https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.r
fc-editor.org%2frfc.html&data=01%7c01%7cMichael.Jones%40microsoft.com%
7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%
7c1&sdata=93atgoSh8enZBPOxNfMophuutPvidnrfoMxOc0XmjS8%3d
Requests for special distribution should beaddressed to either the
author of the RFC in question, or to rfc-editor@rfc-editor.org.
Unless specifically noted otherwise on the RFC itself, all RFCs are
for unlimited distribution.
The RFC Editor Team
Association Management Solutions, LLC
OAuth mailing list
OAuth@ietf.org
https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.i
etf.org%2fmailman%2flistinfo%2foauth&data=01%7c01%7cMichael.Jones%40mi
crosoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2
d7cd011db47%7c1&sdata=ILpgvSqnqwWhHs7BAm7xXpjoUdVRhJhB2G3m%2fTn%2b6gU%
3d
OAuth mailing list
OAuth@ietf.org
https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2foauth&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=ILpgvSqnqwWhHs7BAm7xXpjoUdVRhJhB2G3m%2fTn%2b6gU%3d
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple Authe… Hannes Tschofenig
- Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple A… Phil Hunt
- Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple A… Mike Jones
- Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple A… Torsten Lodderstedt
- Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple A… Bill Mills
- Re: [OAUTH-WG] RFC 7628 on A Set of Simple Authen… Justin Richer
- Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple A… Bill Mills