Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.txt
William Mills <wmills@yahoo-inc.com> Thu, 27 January 2011 06:37 UTC
Return-Path: <wmills@yahoo-inc.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9DD443A6AF3 for <oauth@core3.amsl.com>; Wed, 26 Jan 2011 22:37:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.369
X-Spam-Level:
X-Spam-Status: No, score=-17.369 tagged_above=-999 required=5 tests=[AWL=-0.105, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, NO_RDNS_DOTCOM_HELO=0.001, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K2ARmVvaRJ3E for <oauth@core3.amsl.com>; Wed, 26 Jan 2011 22:37:12 -0800 (PST)
Received: from mrout2-b.corp.re1.yahoo.com (mrout2-b.corp.re1.yahoo.com [69.147.107.21]) by core3.amsl.com (Postfix) with ESMTP id 853C93A6AED for <oauth@ietf.org>; Wed, 26 Jan 2011 22:37:12 -0800 (PST)
Received: from SP2-EX07CAS04.ds.corp.yahoo.com (sp2-ex07cas04.corp.sp2.yahoo.com [98.137.59.5]) by mrout2-b.corp.re1.yahoo.com (8.14.4/8.14.4/y.out) with ESMTP id p0R6dnIu028315; Wed, 26 Jan 2011 22:39:50 -0800 (PST)
Received: from SP2-EX07VS06.ds.corp.yahoo.com ([98.137.59.24]) by SP2-EX07CAS04.ds.corp.yahoo.com ([98.137.59.5]) with mapi; Wed, 26 Jan 2011 22:39:49 -0800
From: William Mills <wmills@yahoo-inc.com>
To: Eran Hammer-Lahav <eran@hueniverse.com>, Marius Scurtescu <mscurtescu@google.com>
Date: Wed, 26 Jan 2011 22:39:55 -0800
Thread-Topic: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.txt
Thread-Index: Acu9ogeRAwlXT0bpQq61uKkqcPiAygACe9PAAACUY8AACOWwUAAGwYCg
Message-ID: <FFDFD7371D517847AD71FBB08F9A31563848E7CFA4@SP2-EX07VS06.ds.corp.yahoo.com>
References: <20110121004501.28103.96097.idtracker@localhost> <90C41DD21FB7C64BB94121FBBC2E723445A8D61C8E@P3PW5EX1MB01.EX1.SECURESERVER.NET> <90C41DD21FB7C64BB94121FBBC2E723445A8D61CBA@P3PW5EX1MB01.EX1.SECURESERVER.NET> <AANLkTimzOErQhT_gjdQrcawVgfsnr_2RVtTOYRoP-fcR@mail.gmail.com> <90C41DD21FB7C64BB94121FBBC2E723445A8D62545@P3PW5EX1MB01.EX1.SECURESERVER.NET> <AANLkTi=doUBwOyvZx+GyJSB7N19hpQEE-UqAfQ1F-xSv@mail.gmail.com> <90C41DD21FB7C64BB94121FBBC2E723445A8D6275A@P3PW5EX1MB01.EX1.SECURESERVER.NET> <FFDFD7371D517847AD71FBB08F9A31563848E7CF15@SP2-EX07VS06.ds.corp.yahoo.com> <90C41DD21FB7C64BB94121FBBC2E723445A8D627C5@P3PW5EX1MB01.EX1.SECURESERVER.NET>
In-Reply-To: <90C41DD21FB7C64BB94121FBBC2E723445A8D627C5@P3PW5EX1MB01.EX1.SECURESERVER.NET>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 Jan 2011 06:37:15 -0000
Well, I guess I better get going with the SASL thing and get a working implementation done based on -12 and the bearer token spec. > -----Original Message----- > From: Eran Hammer-Lahav [mailto:eran@hueniverse.com] > Sent: Wednesday, January 26, 2011 7:27 PM > To: William Mills; Marius Scurtescu > Cc: oauth@ietf.org > Subject: RE: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.txt > > This is a good example of why this is currently out of scope. We have > little to no implementation experience with such a setup. > > EHL > > > -----Original Message----- > > From: William Mills [mailto:wmills@yahoo-inc.com] > > Sent: Wednesday, January 26, 2011 3:17 PM > > To: Eran Hammer-Lahav; Marius Scurtescu > > Cc: oauth@ietf.org > > Subject: RE: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.txt > > > > Actually I was envisioning a situation where you have multiple > possibly > > disparate endpoints that rely on authenticator like Google or Yahoo. > One > > company decides they want to allow federated login and accept SAML > > assertions, another accepts bearer, yet a 3rd IMAP server accepts > both some > > form of signed auth and bearer. I think discovery for a service > should allow > > the service to specify the type(s) of auth accepted and the client > can choose > > one that it supports and pass that on to the token server. The > resource > > server has to know what auth types are supported by the token server. > I > > would rather have this explicit in the discovery information and > support > > multiple types in the same SASL mechanism than have to offer N > > mechanisms (or 2N if channel binding is in play). > > > > > -----Original Message----- > > > From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On > Behalf > > > Of Eran Hammer-Lahav > > > Sent: Wednesday, January 26, 2011 2:58 PM > > > To: Marius Scurtescu > > > Cc: oauth@ietf.org > > > Subject: Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.txt > > > > > > > > > > > > > -----Original Message----- > > > > From: Marius Scurtescu [mailto:mscurtescu@google.com] > > > > Sent: Wednesday, January 26, 2011 1:43 PM > > > > To: Eran Hammer-Lahav > > > > Cc: oauth@ietf.org > > > > Subject: Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.txt > > > > > > > >> 1. The token_type parameter is required in responses from the > > > server. > > > > >> If the server supports multiple formats, which one will be > used? > > > In > > > > >> this case, would it make sense to allow the client to request > a > > > specific > > > > format? > > > > >> > > > > >> For example, if the authorization server supports both MAC and > > > > >> BEARER, which one will the server issue? > > > > > > > > > > It might in some cases, but I suspect most providers are going > to > > > decide > > > > which scheme provides the right level of security for them and > just > > > use that. > > > > If you are going to allow both MAC and BEARER, you are basically > > > letting > > > > clients decide which level to operate at. Do you have a need or > plan > > > to > > > > support multiple token types? > > > > > > > > For now we are planning to support only bearer, but I am sure > some > > > form of > > > > signed tokens will follow sooner than later. At which point we > would > > > have to > > > > support both. > > > > > > > > In most cases I think it is up to the client to decide. > > > > > > Interesting. Given that you are not planning on supporting this in > the > > > near future, I think we should wait until there is more deployment > > > experience in allowing the client to negotiate the token type. But > of > > > course, you are welcome to submit a proposal for inclusion on the > WG > > > new charter. > > > > > > EHL > > > _______________________________________________ > > > OAuth mailing list > > > OAuth@ietf.org > > > https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.txt Internet-Drafts
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Eran Hammer-Lahav
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Eran Hammer-Lahav
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Mike Jones
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Eran Hammer-Lahav
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Mike Jones
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Anthony Nadalin
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Marius Scurtescu
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Eran Hammer-Lahav
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Justin Richer
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Eran Hammer-Lahav
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Justin Richer
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… William Mills
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Skylar Woodward
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Eran Hammer-Lahav
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Marius Scurtescu
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Marius Scurtescu
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Eran Hammer-Lahav
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Marius Scurtescu
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Eran Hammer-Lahav
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… William Mills
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Eran Hammer-Lahav
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… William Mills
- Re: [OAUTH-WG] I-D Action:draft-ietf-oauth-v2-12.… Richer, Justin P.