Re: [OAUTH-WG] OAuth Recharting

William Denniss <wdenniss@google.com> Thu, 17 December 2015 23:07 UTC

In-Reply-To: <5672DBE7.30101@gmx.net>
References: <5672DBE7.30101@gmx.net>
From: William Denniss <wdenniss@google.com>
Date: Thu, 17 Dec 2015 15:06:50 -0800
Message-ID: <CAAP42hAyzOgTgMHTB2KbrZ4rqR++uOVwAQGFq9AqA99cDYD6kA@mail.gmail.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/3gLUA0rrLRnG9abB7PhRHFijnwA>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth Recharting

Looks good to me Hannes, thanks for putting it together!

On Thu, Dec 17, 2015 at 7:59 AM, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:

> Hi all,
>
> at the last IETF meeting in Yokohama we had a rechartering discussion
> and below is proposed text for the new charter. Please take a look at it
> and tell me whether it appropriately covers the discussions from our
> last meeting.
>
> ---------------
>
> Charter Text
>
> The Web Authorization (OAuth) protocol allows a user to grant a
> third-party Web site or application access to the user's protected
> resources, without necessarily revealing their long-term credentials,
> or even their identity. For example, a photo-sharing site that
> supports OAuth could allow its users to use a third-party printing Web
> site to print their private pictures, without allowing the printing
> site to gain full control of the user's account and without having the
> user share his or her photo-sharing site's long-term credential with
> the printing site.
>
> The OAuth 2.0 protocol suite already includes
>
> * a procedure for enabling a client to register with an authorization
> server,
> * a protocol for obtaining authorization tokens from an authorization
> server with the resource owner's consent, and
> * protocols for presenting these authorization tokens to protected
> resources for access to a resource.
>
> This protocol suite has been enhanced with functionality for
> interworking with legacy identity infrastructure (e.g., SAML), token
> revocation, token exchange, dynamic client registration, token
> introspection, a standardized token format with the JSON Web Token, and
> specifications that mitigate security attacks, such as Proof Key for
> Code Exchange.
>
> The ongoing standardization efforts within the OAuth working group
> focus on increasing interoperability of OAuth deployments and to
> improve security. More specifically, the working group is defining proof
> of possession tokens, developing a discovery mechanism,
> providing guidance for the use of OAuth with native apps, re-introducing
> the device flow used by devices with limited user interfaces, additional
> security enhancements for clients communicating with multiple service
> providers, definition of claims used with JSON Web Tokens, techniques to
> mitigate open redirector attacks, as well as guidance on encoding state
> information.
>
> For feedback and discussion about our specifications please
> subscribe to our public mailing list.
>
> For security related bug reports that relate to our specifications
> please contact <<TBD>>. If the reported bug
> report turns out to be implementation-specific we will
> attempt to forward it to the appropriate developers.
>
> ---------------
>
>
> Ciao
> Hannes