Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth Token Introspection" as an OAuth Working Group Item

George Fletcher <gffletch@aol.com> Wed, 30 July 2014 13:37 UTC

Message-ID: <53D8F528.5030307@aol.com>
Date: Wed, 30 Jul 2014 09:37:44 -0400
From: George Fletcher <gffletch@aol.com>
Organization: AOL LLC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Justin Richer <jricher@MIT.EDU>, Mike Jones <Michael.Jones@microsoft.com>, Phil Hunt <phil.hunt@oracle.com>, Thomas Broyer <t.broyer@gmail.com>
References: <53D6895F.4050104@gmx.net> <CAEayHEM+pqDqv1qx=Z-qhNuYM-s2cV0z=sQb_FAJaGwcLpq_rQ@mail.gmail.com> <20A36D56-D581-4EDE-9DEA-D3F9C48AD20B@oracle.com> <53D81F2C.2060700@aol.com> <4E1F6AAD24975D4BA5B16804296739439ADF77B2@TK5EX14MBXC293.redmond.corp.microsoft.com> <53D841D3.6020505@mit.edu>
In-Reply-To: <53D841D3.6020505@mit.edu>
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/6ygghts7SCQWChO2pPyRZg_jH4g
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth Token Introspection" as an OAuth Working Group Item

+100 :)

On 7/29/14, 8:52 PM, Justin Richer wrote:
> Reading through this thread, it appears very clear to me that the use 
> cases are very well established by a number of existing implementers 
> who want to work together to build a common standard. I see no reason 
> to delay the work artificially by creating a use case document when 
> such a vast array of understanding and interest already exists. Any 
> use cases and explanations of applications are welcome to be added to 
> the working group draft as it progresses.
>
>  -- Justin
>
>
> On 7/29/2014 8:16 PM, Mike Jones wrote:
>>
>> Did you consider standardizing the access token format within that 
>> deployment so all the parties that needed to could understand it, 
>> rather than requiring an extra round trip to an introspection endpoint 
>> so as to be able to understand things about it?
>>
>> I realize that might or might not be practical in some cases, but I 
>> haven’t heard that alternative discussed, so I thought I’d bring it up.
>>
>> I also second Phil’s comment that it would be good to understand the 
>> use cases that this is intended to solve before embarking on a 
>> particular solution path.
>>
>> -- Mike
>>
>> From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of George Fletcher
>> Sent: Tuesday, July 29, 2014 3:25 PM
>> To: Phil Hunt; Thomas Broyer
>> Cc: oauth@ietf.org
>> Subject: Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth 
>> Token Introspection" as an OAuth Working Group Item
>>
>> We also have a use case where the AS is provided by a partner and the 
>> RS is provided by AOL. Being able to have a standardized way of 
>> validating and getting data about the token from the AS would make 
>> our implementation much simpler as we can use the same mechanism for 
>> all Authorization Servers and not have to implement one off solutions 
>> for each AS.
>>
>> Thanks,
>> George
>>
>> On 7/28/14, 8:11 PM, Phil Hunt wrote:
>>
>>     Could we have some discussion on the interop cases?
>>
>>     Is it driven by scenarios where AS and resource are separate
>>     domains? Or may this be only of interest to specific protocols
>>     like UMA?
>>
>>     From a technical principle, the draft is important and sound. I
>>     am just not there yet on the reasons for an interoperable standard.
>>
>>     Phil
>>
>>
>>     On Jul 28, 2014, at 17:00, Thomas Broyer <t.broyer@gmail.com> wrote:
>>
>>         Yes. This spec is of special interest to the platform we're
>>         building for http://www.oasis-eu.org/
>>
>>         On Mon, Jul 28, 2014 at 7:33 PM, Hannes Tschofenig
>>         <hannes.tschofenig@gmx.net> wrote:
>>
>>         Hi all,
>>
>>         during the IETF #90 OAuth WG meeting, there was strong
>>         consensus in adopting the "OAuth Token Introspection"
>>         (draft-richer-oauth-introspection-06.txt) specification as an
>>         OAuth WG work item.
>>
>>         We would now like to verify the outcome of this call for
>>         adoption on the OAuth WG mailing list. Here is the link to
>>         the document:
>>         http://datatracker.ietf.org/doc/draft-richer-oauth-introspection/
>>
>>         If you did not hum at the IETF 90 OAuth WG meeting, and have
>>         an opinion as to the suitability of adopting this document as
>>         a WG work item, please send mail to the OAuth WG list
>>         indicating your opinion (Yes/No).
>>
>>         The confirmation call for adoption will last until August 10,
>>         2014. If you have issues/edits/comments on the document,
>>         please send these comments along to the list in your response
>>         to this Call for Adoption.
>>
>>         Ciao
>>         Hannes & Derek
>>
>>
>>         _______________________________________________
>>         OAuth mailing list
>>         OAuth@ietf.org
>>         https://www.ietf.org/mailman/listinfo/oauth
>>
>>
>>
>>         -- 
>>         Thomas Broyer
>>         /tɔ.ma.bʁwa.je/
>

-- 
George Fletcher <http://connect.me/gffletch>