Re: [OAUTH-WG] Decentralized OAuth2.0 -- FW: New Version Notification for draft-hardjono-oauth-decentralized-00.txt

Thomas Hardjono <> Thu, 02 February 2017 13:32 UTC

From: Thomas Hardjono <>
To: Aaron Parecki <>
Date: Thu, 2 Feb 2017 13:32:10 +0000

What's needed would be (a) contracts servers that can talk to one another, (b) addition of pub-keys to some well known endpoints, and (c) some actual contracts with actual legal prose :-)

The contract server could be treated as a protected endpoint (e.g. at the AS), but since contract agreement is a 2-way handshake we may need to add some new message flows.


From: Aaron Parecki
Sent: Wednesday, February 01, 2017 7:26 PM
To: Thomas Hardjono
Subject: Re: [OAUTH-WG] Decentralized OAuth2.0 -- FW: New Version Notification for draft-hardjono-oauth-decentralized-00.txt

The introduction sounds great, especially acknowledging the problems due to "the predominance of the web single sign-on model as the basis for the user interaction"... but is there a summary of what this actually describes? I see a lot of boilerplate text, and defining some new terms, but I don't actually know what I would implement after reading this.

Aaron Parecki

On Wed, Feb 1, 2017 at 3:48 PM, Thomas Hardjono wrote:


This may be of interest. It's forward-looking, I know. Appreciate any comments on the draft.



From:<> [<>]
Sent: Wednesday, February 01, 2017 6:39 PM
To: Thomas Hardjono
Subject: New Version Notification for draft-hardjono-oauth-decentralized-00.txt

A new version of I-D, draft-hardjono-oauth-decentralized-00.txt
has been successfully submitted by Thomas Hardjono and posted to the
IETF repository.

Name:           draft-hardjono-oauth-decentralized
Revision:       00
Title:          Decentralized Service Architecture for OAuth2.0
Document date:  2017-02-01
Group:          Individual Submission
Pages:          21

   This document proposes an alternative service architecture for user-
   centric control of the sharing of resources, such as personal data,
   using the decentralized peer-to-peer computing paradigm.  The term
   'control' is used here to denote the full capacity of the user to
   freely select (i) the entities with whom to share resources (e.g.
   data), and (ii) the entities which provide services implementing
   user-controlled resource sharing.  The peer-to-peer service
   architecture uses a set of computing nodes called OAuth2.0 Nodes (ON)
   that are part of a peer-to-peer network as the basis for the
   decentralized service architecture.  Each OAuth2.0 Nodes is assumed
   to have the capability to provide AS-services, RS-services and

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at<>.

The IETF Secretariat
