Re: [OAUTH-WG] OAuth 1.0a

Dick Hardt <dick.hardt@gmail.com> Tue, 14 August 2012 21:11 UTC

To: William Mills <wmills_92105@yahoo.com>
Cc: O Auth WG <oauth@ietf.org>

FYI: Google's SASL for IMAP is with OAuth 1.0A -- took me a while to get it working.

On Aug 14, 2012, at 12:53 PM, William Mills wrote:

> I want to get the SASL work done. HoK is interesting, but I've become convinced that it's not actually anything that needs its own spec; you can do HoK with MAC or any other signed scheme by including the needed proof of ownership in the token. HoK, however it works out, is unlikely to vary a lot from the elements that would currently be needed to support MAC or 1.0a and if needed can just extend the SASL mechanism.
> 
> -bill
> 
> From: Torsten Lodderstedt <torsten@lodderstedt.net>
> To: William Mills <wmills_92105@yahoo.com> 
> Cc: Mike Jones <Michael.Jones@microsoft.com>; O Auth WG <oauth@ietf.org> 
> Sent: Tuesday, August 14, 2012 12:42 PM
> Subject: Re: [OAUTH-WG] OAuth 1.0a
> 
> Hi Bill,
> 
> do you need to specify this aspect of your SASL profile now? Why don't you wait for the group to complete the work on signing/HoK? 
> 
> You could also contribute your use cases to drive the discussion.
> 
> best regards,
> Torsten.
> 
> On 14.08.2012 21:37, William Mills wrote:
>> It's for the OAUTH SASL spec. I've been writing it with the idea that OAuth 1.0a would work (since I think we'll have extant 1.0a type tokens we want to allow for IMAP), but several folks were saying when this all started that 1.0a was dead and I should not refer to it.
>> 
>> I want to make sure the SASL mechanism is built to properly handle signed auth schemes and not just bearer (cookie) type.
>> 
>> -bill
>> 
>> From: Mike Jones <Michael.Jones@microsoft.com>
>> To: William Mills <wmills_92105@yahoo.com>; O Auth WG <oauth@ietf.org> 
>> Sent: Tuesday, August 14, 2012 12:28 PM
>> Subject: RE: [OAUTH-WG] OAuth 1.0a
>> 
>> What problem are you trying to solve?
>>  
>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of William Mills
>> Sent: Tuesday, August 14, 2012 12:22 PM
>> To: O Auth WG
>> Subject: [OAUTH-WG] OAuth 1.0a
>>  
>> What's the general opinion on 1.0a? Am I stepping in something if I refer to it in another draft? I want to reference an auth scheme that uses signing and now MAC is apparently going back to the drawing board, so I'm thinking about using 1.0a.
>>  
>> Thanks,
>>  
>> -bill
>> 
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth