Re: [OAUTH-WG] Paper for the W3C Identity in the Browser Workshop about OAuth

Hannes Tschofenig <hannes.tschofenig@gmx.net> Wed, 27 April 2011 16:30 UTC

From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Date: Wed, 27 Apr 2011 19:30:28 +0300
To: Eran Hammer-Lahav <eran@hueniverse.com>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Paper for the W3C Identity in the Browser Workshop about OAuth

> I did find it amusing that the paper defines bearer token as a 'cryptographic approach'. I guess no crypto is in its way an approach :-).

Well. It uses TLS as the underlying primitive. As such, it is a cryptographic mechanism. 
I know that we have different views about the pros & cons of the different approaches. 
Hence the past writeup about this aspect: 
http://tools.ietf.org/html/draft-tschofenig-oauth-signature-thoughts-00