Re: [OAUTH-WG] OAuth & Authentication: What can go wrong?
Antonio Sanso <asanso@adobe.com> Fri, 12 September 2014 06:50 UTC
From: Antonio Sanso <asanso@adobe.com>
To: Gil Kirkpatrick <gil.kirkpatrick@viewds.com>
Date: Fri, 12 Sep 2014 06:49:56 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/282s7ujBS2MNyb9WVcGGpo7L33c
Cc: Derek Atkins <derek@ihtfp.com>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth & Authentication: What can go wrong?
I would like to attend as well …

regards

antonio

On Sep 12, 2014, at 3:00 AM, Gil Kirkpatrick <gil.kirkpatrick@viewds.com> wrote:

+1 for me.

------ Original Message ------
From: "John Bradley" <ve7jtb@ve7jtb.com>
To: "Nat Sakimura" <sakimura@gmail.com>
Cc: "Derek Atkins" <derek@ihtfp.com>; "oauth@ietf.org" <oauth@ietf.org>
Sent: 12/09/2014 9:30:50 AM
Subject: Re: [OAUTH-WG] OAuth & Authentication: What can go wrong?

And me

Sent from my iPhone

On Sep 11, 2014, at 7:49 PM, Nat Sakimura <sakimura@gmail.com> wrote:

Add me, too.

2014-09-12 7:32 GMT+09:00 Anthony Nadalin <tonynad@microsoft.com>:

Add me

-----Original Message-----
From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
Sent: Thursday, September 11, 2014 3:30 PM
To: oauth@ietf.org
Cc: Derek Atkins
Subject: [OAUTH-WG] OAuth & Authentication: What can go wrong?

Hi all,

at the last IETF meeting Mike gave a presentation about the draft-hunt-oauth-v2-user-a4c and the conclusion following the discussion was to discuss the problems that happen when OAuth gets used for authentication. The goal of this effort is to document the problems in an informational document.

Conference calls could start in about 2 weeks and we would like to know who would be interested to participate in such a discussion.

Please drop us a private mail so that we can find suitable dates/times.

Ciao
Hannes & Derek

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en