Re: [OAUTH-WG] OAUTH Report for IETF-83

William Mills <wmills@yahoo-inc.com> Thu, 29 March 2012 23:26 UTC

Return-Path: <wmills@yahoo-inc.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E58C021F861F for <oauth@ietfa.amsl.com>; Thu, 29 Mar 2012 16:26:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.259
X-Spam-Level:
X-Spam-Status: No, score=-17.259 tagged_above=-999 required=5 tests=[AWL=0.339, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id not6efP27vcZ for <oauth@ietfa.amsl.com>; Thu, 29 Mar 2012 16:26:33 -0700 (PDT)
Received: from nm8-vm2.bullet.mail.ne1.yahoo.com (nm8-vm2.bullet.mail.ne1.yahoo.com [98.138.90.156]) by ietfa.amsl.com (Postfix) with SMTP id 715C121F8687 for <oauth@ietf.org>; Thu, 29 Mar 2012 16:26:33 -0700 (PDT)
Received: from [98.138.90.54] by nm8.bullet.mail.ne1.yahoo.com with NNFMP; 29 Mar 2012 23:26:28 -0000
Received: from [98.138.89.161] by tm7.bullet.mail.ne1.yahoo.com with NNFMP; 29 Mar 2012 23:26:28 -0000
Received: from [127.0.0.1] by omp1017.mail.ne1.yahoo.com with NNFMP; 29 Mar 2012 23:26:28 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 725114.77312.bm@omp1017.mail.ne1.yahoo.com
Received: (qmail 52424 invoked by uid 60001); 29 Mar 2012 23:26:28 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo-inc.com; s=ginc1024; t=1333063588; bh=1sQp9B1S0sOZQS7jTkyUTw3PaXV1FLmaELJ3mLjdjf8=; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=g55yCFk/uQUZIud12jmd9wJbti+PDLHyRfS6sq5mTvangvbazbwYxcY9LIhGftoqsfdvepgUoI6SRZGJT6b+X2fIgX7t0FiLY9pr3hanADqDdgTL05dt0Aw+rUc++QC+itPJHqlynFmTV6FMcZA/5Re1Md51zpuvvcwGAK/FLs4=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ginc1024; d=yahoo-inc.com; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=OmheZNuaHFIvRZbUaYQQbA9JlogIiQCaqJ1WnO/xc6zSDHi8LMy3ax17ZtgyP58EWJbnjAvM6tm5XR2oPrHqxQqIddCNfAkDXKekM9c6XwZWY1KMTohebuM6ab6KgESo73spZtzA7oMULBGW9kUGQzbv3D8mN4WIt1Nfod/kqBw=;
X-YMail-OSG: wVjB2DEVM1m0t.EYyIautkR9Q3DhzhZUJp5xngZh5lKkSDR KpJFv9zxprlri48XOFac2KY8fSCgSX0InQA3zRDnTt1_WWPX3o5u9E6pyMuM ULbNE1I0ZPf4tdEvJ871j9Wb0L9AewuHGNisxxpg1ZWsMDeVLV0rtLWXd4Yb Aq.2.eNzkF.07rrLmus8mNI4EfdpS_Zd4C3ZEqMCngHJDMolcHfx1C8r9psA k1WdzUQg0D2rG_y4tuGsQTpH8q6PR7FeCRYTLnTebPLC16ivj1zdiQ5.gVqi uXULb3RtKV6bgqv6evSUPno1EHkB7_MMIt3ThKGuOof7WMsLuCGfnkKgYydF la.XCXZptUjzpI4LhP_i.LNQJcW5chwuU_uZTJFodmFGJWnuMIpfjHW2.fbb vCInHM8jnSfx02WwCQXOkhl8fNI0uNqv8t_hYwo.sKPa5cOSK2Zo-
Received: from [209.131.62.115] by web31816.mail.mud.yahoo.com via HTTP; Thu, 29 Mar 2012 16:26:28 PDT
X-RocketYMMF: william_john_mills
X-Mailer: YahooMailWebService/0.8.117.340979
References: <sjmk423bf7c.fsf@mocana.ihtfp.org> <90C41DD21FB7C64BB94121FBBC2E723453B42BB4E5@P3PW5EX1MB01.EX1.SECURESERVER.NET>
Message-ID: <1333063588.49896.YahooMailNeo@web31816.mail.mud.yahoo.com>
Date: Thu, 29 Mar 2012 16:26:28 -0700
From: William Mills <wmills@yahoo-inc.com>
To: Eran Hammer <eran@hueniverse.com>, Derek Atkins <derek@ihtfp.com>, "saag@ietf.org" <saag@ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
In-Reply-To: <90C41DD21FB7C64BB94121FBBC2E723453B42BB4E5@P3PW5EX1MB01.EX1.SECURESERVER.NET>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-1238014912-2004229102-1333063588=:49896"
Subject: Re: [OAUTH-WG] OAUTH Report for IETF-83
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills@yahoo-inc.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Mar 2012 23:26:34 -0000

On the SWD stuff there was general discussion about "is this the right place?", and there "were issues raised".  The question was also asked "well, where is the right place?" which got crickets.  It is exactly coming back to the list for discussion to sort out the right place.




>________________________________
> From: Eran Hammer <eran@hueniverse.com>
>To: Derek Atkins <derek@ihtfp.com>; "saag@ietf.org" <saag@ietf.org>; "oauth@ietf.org" <oauth@ietf.org> 
>Sent: Thursday, March 29, 2012 8:44 AM
>Subject: Re: [OAUTH-WG] OAUTH Report for IETF-83
> 
>Hi Derek,
>
>Thanks for the notes. Is an audio recording available?
>
>> -----Original Message-----
>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf
>> Of Derek Atkins
>> Sent: Thursday, March 29, 2012 8:27 AM
>> To: saag@ietf.org; oauth@ietf.org
>> Subject: [OAUTH-WG] OAUTH Report for IETF-83
>> 
>> Hi,
>> 
>> OAUTH met earlier this afternoon in Afternoon Session I at 13h00 for a two
>> hour session.  After introducing ourselves and welcoming me to the working
>> group we thanked Barry and Blaine for their service.
>> 
>> Torsten spoke about draft-ietf-oauth-v2-threatmodel.  This document has
>> completed WG Last Call.  Torsten has applied changes based on the Last Call
>> Comments and has published a new revision.  Barry promised to finish his
>> PROTO Shepard review next week so we can send this document to the
>> IESG.  He promises to take Mike Thomas' issues from the list into account and
>> make sure that everyone is happy.
>> 
>> [ I'd like to extend a personal thank you to Barry for continuing his role
>>   as document shephard for this draft.  -- derek ]
>> 
>> Next, Mike Jones spoke about the Assertions, SAML2 Bearer, and URN-Sub-
>> NS drafts.  Except for one outstanding issue Mike believes these documents
>> are ready for WGLC.  Consensus in the room was to take these three docs to
>> WGLC, which the chairs will do by the end of next week.
>> 
>> The MAC Token draft has languished while time was spent working on the
>> core document.  Eran was not here, nor was he online, to talk about the
>> status of the MAC Token draft.  There were only a few people in the room
>> interested in reviewing the draft, which was not a clear consensus of
>> interest, even though this document does solve a problem that the bearer
>> tokens cannot.  The chairs will take it to the list to evaluate if there is enough
>> interest to continue with this document.
>
>As I've updated the list and chairs on multiple occasions, the draft is practically ready. There was some late arriving feedback which I did not get around to process. However, the main issue is lack of WG interest in this work. I am still planning to finish it by making very minor tweaks to the current draft, but would be very happy to make it an individual submission.
>
>The MAC draft has largely been my personal project to date.
>
>> In a related note, this document (as well as the v2-bearer document) is not
>> available off the tools page even though it has not expired.  I have taken the
>> action item to get that sorted out.
>> 
>> Finally, we spent the majority of our time talking about rechartering based on
>> the proposed charter sent to the list by Hannes a week or two ago.
>> Consensus of the room was that there was enough interest to recharter
>> based roughly on the proposed charter.  There was also consensus to include
>> Simple Web Discovery (in addition to, and separate from, Dynamic Client
>> Registration), although we will need to work with the ADs to make sure it
>> gets handled in the appropriate WG and Area.
>> Moreover, it's important to make sure the appropriate applications area
>> participants get involved in the SWD work.
>
>There is something very awkward about discussing SWD both in the context of this working group, and in the context of future OAuth discovery work. The idea of picking a discovery mechanism before the WG had a single discussion about what is included in discovery and what are the use cases and requirement is absurd.
>
>There has not been consensus on the list for including SWD in the WG charter.
>
>The only justification I have heard so far for this WG to be the SWD venue is that it's easy because the author and a few other people interested are already here. That's not a valid reason.
>
>Any further work on SWD also requires the IETF to view it in light of RFC 6415 (host-meta) which is a proposed standard approved in October 2011. The IETF is not in the 'flavor of the month' business. Proper process requires discussion about the merits of redoing the host-meta work from scratch in a non-compatible way just because a handful of people 'like it better' with little technical justification.
>
>Either way, this discussion does not belong here.
>
>EH
>
>_______________________________________________
>OAuth mailing list
>OAuth@ietf.org
>https://www.ietf.org/mailman/listinfo/oauth
>
>
>