Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth
Bill Mills <wimills@microsoft.com> Tue, 01 September 2015 15:50 UTC
From: Bill Mills <wimills@microsoft.com>
To: Mike Jones <Michael.Jones@microsoft.com>, Phil Hunt <phil.hunt@oracle.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/3pXwwBpecG2JNLpBZme0KKIjKiw>
Cc: "oauth@ietf.org" <oauth@ietf.org>

And thank you Hannes for all the guidance and being a great collaborator on this!

And to the WG, chairs, and shepherds, we did something good here. Thank you all for the review, attention, time, and your help as well.

-bill

-----Original Message-----
From: Mike Jones
Sent: Tuesday, September 1, 2015 8:44 AM
To: Bill Mills <wimills@microsoft.com>; Phil Hunt <phil.hunt@oracle.com>; Hannes Tschofenig <hannes.tschofenig@gmx.net>
Cc: oauth@ietf.org
Subject: RE: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth

Congratulations, Bill!

-----Original Message-----
From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Phil Hunt
Sent: Tuesday, September 01, 2015 8:14 AM
To: Hannes Tschofenig
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth

+1 !

Phil

> On Aug 31, 2015, at 23:24, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
>
> FYI: Thanks to Bill for the hard work!
>
> -------- Forwarded Message --------
> Subject: RFC 7628 on A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth
> Date: Mon, 31 Aug 2015 21:56:17 -0700 (PDT)
> From: rfc-editor@rfc-editor.org
> Reply-To: ietf@ietf.org
> To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
> CC: kitten@ietf.org, drafts-update-ref@iana.org, rfc-editor@rfc-editor.org
>
> A new Request for Comments is now available in online RFC libraries.
>
> RFC 7628
>
> Title: A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth
> Author: W. Mills, T. Showalter, H. Tschofenig
> Status: Standards Track
> Stream: IETF
> Date: August 2015
> Mailbox: wmills_92105@yahoo.com, tjs@psaux.com, Hannes.Tschofenig@gmx.net
> Pages: 21
> Characters: 46408
> Updates/Obsoletes/SeeAlso: None
>
> I-D Tag: draft-ietf-kitten-sasl-oauth-23.txt
>
> URL: https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.rfc-editor.org%2finfo%2frfc7628&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=J1hIDrCTw8Xi1hMvg3ZaZ1xvdEFhol3BqHt2q6u6VWg%3d
>
> DOI: https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fdx.doi.org%2f10.17487%2fRFC7628&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=%2fQVXZSXwbGDS7YVQ446RDFuPUxHNoLLwedzfrx0xKUE%3d
>
> OAuth enables a third-party application to obtain limited access to a
> protected resource, either on behalf of a resource owner by
> orchestrating an approval interaction or by allowing the third-party
> application to obtain access on its own behalf.
>
> This document defines how an application client uses credentials
> obtained via OAuth over the Simple Authentication and Security Layer
> (SASL) to access a protected resource at a resource server. Thereby,
> it enables schemes defined within the OAuth framework for
> non-HTTP-based application protocols.
>
> Clients typically store the user's long-term credential. This does,
> however, lead to significant security vulnerabilities, for example,
> when such a credential leaks. A significant benefit of OAuth for
> usage in those clients is that the password is replaced by a shared
> secret with higher entropy, i.e., the token. Tokens typically provide
> limited access rights and can be managed and revoked separately from
> the user's long-term password.
>
> This document is a product of the Common Authentication Technology
> Next Generation Working Group of the IETF.
>
> This is now a Proposed Standard.
>
> STANDARDS TRACK: This document specifies an Internet Standards Track
> protocol for the Internet community, and requests discussion and
> suggestions for improvements. Please refer to the current edition of
> the Official Internet Protocol Standards
> (https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.rfc-editor.org%2fstandards&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=7JPZiamj4nhqHgthEPDIzgpqkvR%2fAA6bj4Ck5vijFPU%3d)
> for the standardization state and status of this protocol.
> Distribution of this memo is unlimited.
>
> This announcement is sent to the IETF-Announce and rfc-dist lists.
> To subscribe or unsubscribe, see
> https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2fietf-announce&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=aGciLH4fsxKJ6MUO%2fPp6BMj3JFJ37oTjdaSJ5tWbEkg%3d
> https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fmailman.rfc-editor.org%2fmailman%2flistinfo%2frfc-dist&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=agec9juMh0Zzn1mrY6avpBrLPlFfCs8zsyx8bSLgDdc%3d
>
> For searching the RFC series, see
> https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.rfc-editor.org%2fsearch&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=veVw3wrA9Wz6CWTUfVTLCKAdduFgUDkiaabcuqFyRxc%3d
> For downloading RFCs, see
> https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.rfc-editor.org%2frfc.html&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=93atgoSh8enZBPOxNfMophuutPvidnrfoMxOc0XmjS8%3d
>
> Requests for special distribution should be addressed to either the
> author of the RFC in question, or to rfc-editor@rfc-editor.org.
> Unless specifically noted otherwise on the RFC itself, all RFCs are
> for unlimited distribution.
>
>
> The RFC Editor Team
> Association Management Solutions, LLC
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2foauth&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=ILpgvSqnqwWhHs7BAm7xXpjoUdVRhJhB2G3m%2fTn%2b6gU%3d