Re: [OAUTH-WG] IPR on OAuth bearer
William Mills <wmills@yahoo-inc.com> Wed, 09 May 2012 22:04 UTC
Return-Path: <wmills@yahoo-inc.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CA7C011E80E0 for <oauth@ietfa.amsl.com>; Wed, 9 May 2012 15:04:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.741
X-Spam-Level:
X-Spam-Status: No, score=-15.741 tagged_above=-999 required=5 tests=[AWL=-1.157, BAYES_40=-0.185, HTML_MESSAGE=0.001, J_CHICKENPOX_22=0.6, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pJ+Js+g9LrZz for <oauth@ietfa.amsl.com>; Wed, 9 May 2012 15:04:46 -0700 (PDT)
Received: from nm5-vm0.bullet.mail.sp2.yahoo.com (nm5-vm0.bullet.mail.sp2.yahoo.com [98.139.91.204]) by ietfa.amsl.com (Postfix) with SMTP id 18CD811E80D7 for <oauth@ietf.org>; Wed, 9 May 2012 15:04:46 -0700 (PDT)
Received: from [72.30.22.79] by nm5.bullet.mail.sp2.yahoo.com with NNFMP; 09 May 2012 22:04:46 -0000
Received: from [98.139.91.51] by tm13.bullet.mail.sp2.yahoo.com with NNFMP; 09 May 2012 22:04:46 -0000
Received: from [127.0.0.1] by omp1051.mail.sp2.yahoo.com with NNFMP; 09 May 2012 22:04:45 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 992388.87587.bm@omp1051.mail.sp2.yahoo.com
Received: (qmail 21821 invoked by uid 60001); 9 May 2012 22:04:45 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo-inc.com; s=ginc1024; t=1336601085; bh=qxwBoMmeVRTG3UitAL9FvSN5vEzx/uw51sRas3x8OAc=; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=YQgzsMB56Z57qgzN/9XmLfuWmQUqokAGWjGJQzploLTypIQAYzRdT0Vbd5BYt6qa351xxSEHdQpzX/faoHRPFnUzzQAaJxfbtDuvv360TuNVVtIW/Uel9BoJRGdEH1PMCMACsnh52exbNyFMKyTbC+2HAYvdlbqKsLfAQU0CTIU=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=ginc1024; d=yahoo-inc.com; h=X-YMail-OSG:Received:X-RocketYMMF:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=Zrg0qmDmmGt9EKc0gRA6wcS9KNLek5tsu783qk2MMs8yfWNU1GT7CKM+0gEYZp62yaY69zUAr7YYup1gm3OvXv0uAmi281QZ+Gq9+0+92fi0EMVnFai45hJzFNP9O+TeknkTURSBebG8dHeuBXdlRfMRce38jz/Yd1mH5+OU8LI=;
X-YMail-OSG: qVOPYO0VM1mq8AmqMGyFMmm5S8qHc5kQl58g_HgS.geXpzA .Ug0y0A76c_7RMrbqcS4_ApgXLT.1DFaLDBfQ.Jt6ETkBnvIadpoVljJIhHA 1CEKkQKaYlhLkgaPLeSJpN643h8kVC0IBocmZr7lK1OdwnBm9em1XjTvxUqE Bj1pT1M2O8OBIexzhReld9SWco0cmTb7EB7Uj091HWFs.MtMughEnLqWgfFb PjintMkcXhXYdPS2YOXenWsVubQtkNerpA16WzwnJIuyVa8x3XvaJD1o4Vv5 g3HQC.bAJM.HAc2AlSTTPeksGvzoVV5KcBNiXWmc7Azt_gn6DQD4cPrdwfHq .F211bDtmWlx32nPXjQY_VbXzSGf1Pq_Y5DtYgn0kvoLv8JetQEQsYRN0ksB 8N3jx1IryRO78Anh_uUZX5GsGspeIE_1_6QncPgiV0meHm1U2sA--
Received: from [209.131.62.120] by web31803.mail.mud.yahoo.com via HTTP; Wed, 09 May 2012 15:04:45 PDT
X-RocketYMMF: william_john_mills
X-Mailer: YahooMailWebService/0.8.118.349524
References: <0E17EDDE-567A-40BF-9CB9-0D6B757FF0A5@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA2010259C4@P3PWEX2MB008.ex2.secureserver.net> <6CE569CC-091C-456D-8426-FB3200ED4667@gmx.net> <0CBAEB56DDB3A140BA8E8C124C04ECA201025F4F@P3PWEX2MB008.ex2.secureserver.net> <4FAAC251.3010903@mtcc.com> <0CBAEB56DDB3A140BA8E8C124C04ECA201026058@P3PWEX2MB008.ex2.secureserver.net> <4FAAC6C4.7080502@mtcc.com> <4FAAD2DF.4080500@cs.tcd.ie> <4FAAD43C.501@mtcc.com> <tslbolxgha4.fsf@mit.edu>
Message-ID: <1336601085.34230.YahooMailNeo@web31803.mail.mud.yahoo.com>
Date: Wed, 09 May 2012 15:04:45 -0700
From: William Mills <wmills@yahoo-inc.com>
To: Sam Hartman <hartmans-ietf@mit.edu>, Michael Thomas <mike@mtcc.com>
In-Reply-To: <tslbolxgha4.fsf@mit.edu>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="1502656925-82259641-1336601085=:34230"
Cc: "oauth@ietf.org WG" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] IPR on OAuth bearer
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills@yahoo-inc.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 May 2012 22:04:46 -0000
Is it correct to say that the IPR in question touched the portion of Bearer that deals with allowing the token in the URL, and that tokens in the Auth header and tokens in POST body? If so, then for me this issue is another reason not to use tokens in the URL, which I would already recommend against for several reasons. We would not use this in our own implementations. -bill >________________________________ > From: Sam Hartman <hartmans-ietf@mit.edu> >To: Michael Thomas <mike@mtcc.com> >Cc: "oauth@ietf.org WG" <oauth@ietf.org> >Sent: Wednesday, May 9, 2012 2:45 PM >Subject: Re: [OAUTH-WG] IPR on OAuth bearer > >So, here are statements that you could make as part of this discussion >that would be entirely in scope: > >1) I've read the IPR. Prior to this disclosure I was interested in >developing|deploying|shipping an implementation of this >specification. Now I am not. > >2) I think you could go so far as to say. Based on this IPR I would no >longer feel comfortable making an open-source implementation of this >spec available. > >3) Or on the other side: I've reviewed this new IPR and I believe I >could implement|ship|deploy|whatever this specification. > >Or if you don't like giving out as much information as 1-3: > >4) I've reviewed the new IPr and I recommend that we not advance this >standard > >5) I've reviewed the IPR and I do recommend we advance. > >Obviously, people may weigh statements of the form 1-3 with more value >than 4-5. However it's really hard to get many organizations to say >something in the 1-3 range. > >Other valid things to say in such a context include: > >6) We've successfully obtained any licenses we believe that we need in >order to implement this specification given the IPR. > >7) We attempted to obtain the licenses we needed in order to implement >given this IPR but were unsuccessful. > >believe all the above statements are acceptable. In particular, none of >them comment on the validity of the IPR nor give legal advice about >stuff. > >I believe you could even go so far as to say something like I believe >that an open-source implementation of this technology is|is not >important to whether we should standardize it. I believe we've come very >close to that in the past. >_______________________________________________ >OAuth mailing list >OAuth@ietf.org >https://www.ietf.org/mailman/listinfo/oauth > > >
- [OAUTH-WG] IPR on OAuth bearer Hannes Tschofenig
- Re: [OAUTH-WG] IPR on OAuth bearer Eran Hammer
- Re: [OAUTH-WG] IPR on OAuth bearer Hannes Tschofenig
- Re: [OAUTH-WG] IPR on OAuth bearer Eran Hammer
- Re: [OAUTH-WG] IPR on OAuth bearer Michael Thomas
- Re: [OAUTH-WG] IPR on OAuth bearer Hannes Tschofenig
- Re: [OAUTH-WG] IPR on OAuth bearer Eran Hammer
- Re: [OAUTH-WG] IPR on OAuth bearer Eran Hammer
- Re: [OAUTH-WG] IPR on OAuth bearer Michael Thomas
- Re: [OAUTH-WG] IPR on OAuth bearer Stephen Farrell
- Re: [OAUTH-WG] IPR on OAuth bearer Eran Hammer
- Re: [OAUTH-WG] IPR on OAuth bearer Hannes Tschofenig
- Re: [OAUTH-WG] IPR on OAuth bearer Michael Thomas
- Re: [OAUTH-WG] IPR on OAuth bearer Stephen Farrell
- Re: [OAUTH-WG] IPR on OAuth bearer Sam Hartman
- Re: [OAUTH-WG] IPR on OAuth bearer William Mills
- Re: [OAUTH-WG] IPR on OAuth bearer Eliot Lear
- Re: [OAUTH-WG] IPR on OAuth bearer Dick Hardt