Re: [OAUTH-WG] OAuth Recharting

William Denniss <wdenniss@google.com> Thu, 17 December 2015 23:07 UTC

Return-Path: <wdenniss@google.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7E9071B310D for <oauth@ietfa.amsl.com>; Thu, 17 Dec 2015 15:07:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.388
X-Spam-Level:
X-Spam-Status: No, score=-1.388 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5ZovlS8MuL7x for <oauth@ietfa.amsl.com>; Thu, 17 Dec 2015 15:07:10 -0800 (PST)
Received: from mail-qg0-x22a.google.com (mail-qg0-x22a.google.com [IPv6:2607:f8b0:400d:c04::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 967C21B310C for <oauth@ietf.org>; Thu, 17 Dec 2015 15:07:10 -0800 (PST)
Received: by mail-qg0-x22a.google.com with SMTP id p88so5084811qge.1 for <oauth@ietf.org>; Thu, 17 Dec 2015 15:07:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=ddjenMi4vHbpW7b9zvDH/A1IlyaaBhhZhHpTLXTGxYw=; b=SHkCnyF7j56R85LzTOIDNnh0gSUV6bpAXoMg6kPQiVb4uXLyya1ltjURHJ3Nt/iVBf 6Mfaj/2Uh2cGgb3kzCCgPFF6gXA3o+ya+XjImQ7ZasefAVmvV0hBlVuZHrijzn3NZfQK RARKcsZi/dffX2O1YKcEICsCzHkU0DV2snMP2Xg+DwA+9YiKhEpB5iDIlEwtvrugU0Ax m/JOarWfJ5DB/ZFyFKugbpX8APbvVXepsaxA0owq0H9FtbzwIg0iqOL6Sgckc9Xdv5hW AC4cAYZAnoU+zHImUQsOBnPplf9oabudiH6HOTRetXw4FFjAIJ3e3a3e1yZrHAu54Dl7 AtsA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=ddjenMi4vHbpW7b9zvDH/A1IlyaaBhhZhHpTLXTGxYw=; b=ZlBvt4QI902K5AcjDZCvjUpOBbLmZ02xPeTqZYc9hI19T4pQV0Vf528vGk6p4rFzCj JGpfxGg2Kdbg2CDCOdNdk+iEXTXmQU8DO5DozWSw4wr81dXa5DKfF0rua3XGBWIiiahM cLRIYTSWVRizdSMdAe7CTZE1EYMoIIc3gqe5lyRmRB3sHBY3azBj9gz5x34WIxXn0cVG rtMWco+fVmhNlBetfvJlWs8yo1CHRDFN5djT2DHOwn2cLKbz7RnZfk3R9APCTr4lLKO7 bb5bYgXOiWu1shHS0a+WyGuKOe1dSTY2NAtDizZJguMNAROrBUM+UbHZ3gGJrJSmWl+3 eJyg==
X-Gm-Message-State: ALoCoQmGZC0WtRiEhz6OMmjqYqqYuFDNSYHJPYbSEj3msRCQoTLuoUjbnnKKZkslpCmOyy1Z4Z34prNoEag8p2ehrukLIBLeSsHUsvn2w9FnlYX/K+VTSLg=
X-Received: by 10.140.85.102 with SMTP id m93mr515393qgd.83.1450393629706; Thu, 17 Dec 2015 15:07:09 -0800 (PST)
MIME-Version: 1.0
Received: by 10.140.82.231 with HTTP; Thu, 17 Dec 2015 15:06:50 -0800 (PST)
In-Reply-To: <5672DBE7.30101@gmx.net>
References: <5672DBE7.30101@gmx.net>
From: William Denniss <wdenniss@google.com>
Date: Thu, 17 Dec 2015 15:06:50 -0800
Message-ID: <CAAP42hAyzOgTgMHTB2KbrZ4rqR++uOVwAQGFq9AqA99cDYD6kA@mail.gmail.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: multipart/alternative; boundary=001a11c128161598b805272015b0
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/3gLUA0rrLRnG9abB7PhRHFijnwA>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth Recharting
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Dec 2015 23:07:12 -0000

Looks good to me Hannes, thanks for putting it together!

On Thu, Dec 17, 2015 at 7:59 AM, Hannes Tschofenig <
hannes.tschofenig@gmx.net> wrote:

> Hi all,
>
> at the last IETF meeting in Yokohama we had a rechartering discussion
> and below is proposed text for the new charter. Please take a look at it
> and tell me whether it appropriately covers the discussions from our
> last meeting.
>
> ---------------
>
> Charter Text
>
> The Web Authorization (OAuth) protocol allows a user to grant a
> third-party Web site or application access to the user's protected
> resources, without necessarily revealing their long-term credentials,
> or even their identity. For example, a photo-sharing site that
> supports OAuth could allow its users to use a third-party printing Web
> site to print their private pictures, without allowing the printing
> site to gain full control of the user's account and without having the
> user share his or her photo-sharing sites' long-term credential with
> the printing site.
>
> The OAuth 2.0 protocol suite already includes
>
> * a procedure for enabling a client to register with an authorization
> server,
> * a protocol for obtaining authorization tokens from an authorization
> server with the resource owner's consent, and
> * protocols for presenting these authorization tokens to protected
> resources for access to a resource.
>
> This protocol suite has been enhanced with functionality for
> interworking with legacy identity infrastructure (e.g., SAML), token
> revocation, token exchange, dynamic client registration, token
> introspection, a standardized token format with the JSON Web Token, and
> specifications that mitigate security attacks, such as Proof Key for
> Code Exchange.
>
> The ongoing standardization efforts within the OAuth working group
> focus on increasing interoperability of OAuth deployments and to
> improve security. More specifically, the working group is defining proof
> of possession tokens, developing a discovery mechanism,
> providing guidance for the use of OAuth with native apps, re-introducing
> the device flow used by devices with limited user interfaces, additional
> security enhancements for clients communicating with multiple service
> providers, definition of claims used with JSON Web Tokens, techniques to
> mitigate open redirector attacks, as well as guidance on encoding state
> information.
>
> For feedback and discussion about our specifications please
> subscribe to our public mailing list.
>
> For security related bug reports that relate to our specifications
> please contact <<TBD>>. If the reported bug
> report turns out to be implementation-specific we will
> attempt to forward it to the appropriate developers.
>
> ---------------
>
>
> Ciao
> Hannes
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>