Re: [OAUTH-WG] RFC 7628 on A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth

Justin Richer <jricher@mit.edu> Tue, 01 September 2015 17:59 UTC

From: Justin Richer <jricher@mit.edu>
In-Reply-To: <553525297.4176073.1441125430398.JavaMail.yahoo@mail.yahoo.com>
Date: Tue, 01 Sep 2015 13:59:44 -0400
Message-Id: <AC67A23A-C398-43D9-B7FF-DA9037B1B7F8@mit.edu>
References: <4FCA2B2B-8AF8-464D-91ED-793D295C8DCB@lodderstedt.net> <553525297.4176073.1441125430398.JavaMail.yahoo@mail.yahoo.com>
To: Bill Mills <wmills_92105@yahoo.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/3LnnHe9KQkDNZYUDSzh_JKA2e20>
Cc: Bill Mills <wimills@microsoft.com>, "<oauth@ietf.org>" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] RFC 7628 on A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth

Hooray, congratulations!

 — Justin

> On Sep 1, 2015, at 12:37 PM, Bill Mills <wmills_92105@yahoo.com> wrote:
> 
> And thank you Hannes for all the guidance and being a great collaborator on this!
>  
> And to the WG, chairs, and shepherds, we did something good here.  Thank you all for the review, attention, time, and your help as well.
>  
> -bill
> 
> 
> 
> On Tuesday, September 1, 2015 9:04 AM, Torsten Lodderstedt <torsten@lodderstedt.net> wrote:
> 
> 
> +1
> 
> Am 1. September 2015 17:44:12 MESZ, schrieb Mike Jones <Michael.Jones@microsoft.com>:
> Congratulations, Bill!
> 
> -----Original Message-----
> From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Phil Hunt
> Sent: Tuesday, September 01, 2015 8:14 AM
> To: Hannes Tschofenig
> Cc: oauth@ietf.org
> Subject: Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth
> 
> +1 !
> 
> Phil
> 
> On Aug 31, 2015, at 23:24, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
> 
> FYI: Thanks to Bill for the hard work!
> 
> -------- Forwarded Message --------
> Subject: RFC 7628 on A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth
> Date: Mon, 31 Aug 2015 21:56:17 -0700 (PDT)
> From: rfc-editor@rfc-editor.org
> Reply-To: ietf@ietf.org
> To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
> CC: kitten@ietf.org, drafts-update-ref@iana.org, rfc-editor@rfc-editor.org
> 
> A new Request for Comments is now available in online RFC libraries.
> 
> 
> RFC 7628
> 
> Title: A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth
> Author: W. Mills, T. Showalter, H. Tschofenig
> Status: Standards Track
> Stream: IETF
> Date: August 2015
> Mailbox: wmills_92105@yahoo.com, tjs@psaux.com, Hannes.Tschofenig@gmx.net
> Pages: 21
> Characters: 46408
> Updates/Obsoletes/SeeAlso: None
> 
> I-D Tag: draft-ietf-kitten-sasl-oauth-23.txt
> 
> URL: https://www.rfc-editor.org/info/rfc7628
> 
> DOI: http://dx.doi.org/10.17487/RFC7628
> 
> OAuth enables a third-party application to obtain limited access to a 
> protected resource, either on behalf of a resource owner by 
> orchestrating an approval interaction or by allowing the third-party 
> application to obtain access on its own behalf.
> 
> This document defines how an application client uses credentials 
> obtained via OAuth over the Simple Authentication and Security Layer
> (SASL) to access a protected resource at a resource server. Thereby, 
> it enables schemes defined within the OAuth framework for 
> non-HTTP-based application protocols.
> 
> Clients typically store the user's long-term credential. This does, 
> however, lead to significant security vulnerabilities, for example, 
> when such a credential leaks. A significant benefit of OAuth for 
> usage in those clients is that the password is replaced by a shared 
> secret with higher entropy, i.e., the token. Tokens typically provide 
> limited access rights and can be managed and revoked separately from 
> the user's long-term password.
> 
> This document is a product of the Common Authentication Technology 
> Next Generation Working Group of the IETF.
> 
> This is now a Proposed Standard.
> 
> STANDARDS TRACK: This document specifies an Internet Standards Track 
> protocol for the Internet community, and requests discussion and 
> suggestions for improvements. Please refer to the current edition of 
> the Official Internet Protocol Standards 
> (https://www.rfc-editor.org/standards) for the standardization state 
> and status of this protocol. Distribution of this memo is unlimited.
> 
> This announcement is sent to the IETF-Announce and rfc-dist lists.
> To subscribe or unsubscribe, see
> 
> https://www.ietf.org/mailman/listinfo/ietf-announce
> https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist
> 
> For searching the RFC series, see 
> https://www.rfc-editor.org/search
> For downloading RFCs, see 
> https://www.rfc-editor.org/rfc.html
> 
> Requests for special distribution should be addressed to either the 
> author of the RFC in question, or to rfc-editor@rfc-editor.org. 
> Unless specifically noted otherwise on the RFC itself, all RFCs are 
> for unlimited distribution.
> 
> 
> The RFC Editor Team
> Association Management Solutions, LLC
> 
> 
> 
> 
> 
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth