Re: [OAUTH-WG] Rechartering OAuth: New Charter Text

"Phil Hunt (IDM)" <phil.hunt@oracle.com> Fri, 15 January 2016 20:37 UTC

Return-Path: <phil.hunt@oracle.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D5451B3258 for <oauth@ietfa.amsl.com>; Fri, 15 Jan 2016 12:37:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.202
X-Spam-Level:
X-Spam-Status: No, score=-4.202 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1P9j-XKILQ6Z for <oauth@ietfa.amsl.com>; Fri, 15 Jan 2016 12:37:52 -0800 (PST)
Received: from aserp1040.oracle.com (aserp1040.oracle.com [141.146.126.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A3E241B3257 for <oauth@ietf.org>; Fri, 15 Jan 2016 12:37:52 -0800 (PST)
Received: from userv0021.oracle.com (userv0021.oracle.com [156.151.31.71]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id u0FKbn4h024942 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Fri, 15 Jan 2016 20:37:50 GMT
Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236]) by userv0021.oracle.com (8.13.8/8.13.8) with ESMTP id u0FKbnBI001790 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Fri, 15 Jan 2016 20:37:49 GMT
Received: from abhmp0012.oracle.com (abhmp0012.oracle.com [141.146.116.18]) by aserv0122.oracle.com (8.13.8/8.13.8) with ESMTP id u0FKbnvd002956; Fri, 15 Jan 2016 20:37:49 GMT
Received: from [192.168.1.23] (/174.7.250.104) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Fri, 15 Jan 2016 12:37:49 -0800
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (1.0)
From: "Phil Hunt (IDM)" <phil.hunt@oracle.com>
X-Mailer: iPhone Mail (13C75)
In-Reply-To: <56995365.6030401@gmx.net>
Date: Fri, 15 Jan 2016 12:37:47 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <14B41AE0-E8B6-4710-86D2-651E781B96F5@oracle.com>
References: <56995365.6030401@gmx.net>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
X-Source-IP: userv0021.oracle.com [156.151.31.71]
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/6HqLfH8mnDumv6-QcArYkgWwICA>
Cc: Barry Leiba <barryleiba@computer.org>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Rechartering OAuth: New Charter Text
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Jan 2016 20:37:54 -0000

Hannes

I would like to propose a brief presentation on "events". While this might not end up being oauth wg activity, I think a lot of attendees may be interested. 

We might make this one of those if we have time topics. 

Phil

> On Jan 15, 2016, at 12:15, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
> 
> Hi Barry,
> 
> as discussed today I am forwarding you the new charter text for the
> OAuth working group.
> 
> In parallel to the IESG processing this re-chartering request we will
> run a call for adoption to also update the milestone list at the same time.
> 
> Ciao
> Hannes & Derek
> 
> --------------------------
> 
> Charter Text
> 
> The Web Authorization (OAuth) protocol allows a user to grant a
> third-party Web site or application access to the user's protected
> resources, without necessarily revealing their long-term credentials,
> or even their identity. For example, a photo-sharing site that
> supports OAuth could allow its users to use a third-party printing Web
> site to print their private pictures, without allowing the printing
> site to gain full control of the user's account and without having the
> user share his or her photo-sharing sites' long-term credential with
> the printing site.
> 
> The OAuth 2.0 protocol suite already includes
> 
> * a procedure for enabling a client to register with an authorization
> server,
> * a protocol for obtaining authorization tokens from an authorization
> server with the resource owner's consent, and
> * protocols for presenting these authorization tokens to protected
> resources for access to a resource.
> 
> This protocol suite has been enhanced with functionality for
> interworking with legacy identity infrastructure (e.g., SAML), token
> revocation, token exchange, dynamic client registration, token
> introspection, a standardized token format with the JSON Web Token, and
> specifications that mitigate security attacks, such as Proof Key for
> Code Exchange.
> 
> The ongoing standardization efforts within the OAuth working group
> focus on increasing interoperability of OAuth deployments and to
> improve security. More specifically, the working group is defining proof
> of possession tokens, developing a discovery mechanism, providing
> guidance for the use of OAuth with native apps, re-introducing
> the device flow used by devices with limited user interfaces, additional
> security enhancements for clients communicating with multiple service
> providers, definition of claims used with JSON Web Tokens, techniques to
> mitigate open redirector attacks, as well as guidance on encoding state
> information.
> 
> For feedback and discussion about our specifications please
> subscribe to our public mailing list at <oauth AT ietf.org>.
> 
> For security related bug reports that relate to our specifications
> please contact <oauth-security-reports AT ietf.org>. If the reported
> bug report turns out to be implementation-specific we will attempt
> to forward it to the appropriate developers.
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth