Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth Token Introspection" as an OAuth Working Group Item
George Fletcher <gffletch@aol.com> Wed, 30 July 2014 13:37 UTC
Return-Path: <gffletch@aol.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2FE6B1A0058 for <oauth@ietfa.amsl.com>; Wed, 30 Jul 2014 06:37:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.9
X-Spam-Level:
X-Spam-Status: No, score=-0.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DuV-mWPqIW0t for <oauth@ietfa.amsl.com>; Wed, 30 Jul 2014 06:37:46 -0700 (PDT)
Received: from omr-m09.mx.aol.com (omr-m09.mx.aol.com [64.12.143.82]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C2AE1A004E for <oauth@ietf.org>; Wed, 30 Jul 2014 06:37:45 -0700 (PDT)
Received: from mtaout-aan02.mx.aol.com (mtaout-aan02.mx.aol.com [172.27.19.78]) by omr-m09.mx.aol.com (Outbound Mail Relay) with ESMTP id 85981702ACBC9; Wed, 30 Jul 2014 09:37:44 -0400 (EDT)
Received: from [10.181.176.18] (unknown [10.181.176.18]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by mtaout-aan02.mx.aol.com (MUA/Third Party Client Interface) with ESMTPSA id 1FF69380000A4; Wed, 30 Jul 2014 09:37:44 -0400 (EDT)
Message-ID: <53D8F528.5030307@aol.com>
Date: Wed, 30 Jul 2014 09:37:44 -0400
From: George Fletcher <gffletch@aol.com>
Organization: AOL LLC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Justin Richer <jricher@MIT.EDU>, Mike Jones <Michael.Jones@microsoft.com>, Phil Hunt <phil.hunt@oracle.com>, Thomas Broyer <t.broyer@gmail.com>
References: <53D6895F.4050104@gmx.net> <CAEayHEM+pqDqv1qx=Z-qhNuYM-s2cV0z=sQb_FAJaGwcLpq_rQ@mail.gmail.com> <20A36D56-D581-4EDE-9DEA-D3F9C48AD20B@oracle.com> <53D81F2C.2060700@aol.com> <4E1F6AAD24975D4BA5B16804296739439ADF77B2@TK5EX14MBXC293.redmond.corp.microsoft.com> <53D841D3.6020505@mit.edu>
In-Reply-To: <53D841D3.6020505@mit.edu>
Content-Type: multipart/alternative; boundary="------------080904020403090301000708"
x-aol-global-disposition: G
X-AOL-VSS-INFO: 5600.1067/98281
X-AOL-VSS-CODE: clean
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mx.aol.com; s=20140625; t=1406727464; bh=y2FwMyIDjleO/i2TumGF6JaQ7qjMl0aXW/IH6fPP4pA=; h=From:To:Subject:Message-ID:Date:MIME-Version:Content-Type; b=RztpARSzvjXwvIn6c4VSyVeDY29Fj8iRz9C11iyIytxKWHhEGly3zqauQRIwnEoKY junUK9fEBylm/B6FEPsyL0EkWk4yJ9k2fmMen3F3ZdVlq32+CYXTWdTXTDI72iK7ny MlZtgz350+rFfKQjvRq7DbUzM7Gk43FiHEqb06Jk=
x-aol-sid: 3039ac1b134e53d8f5284173
X-AOL-IP: 10.181.176.18
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/6ygghts7SCQWChO2pPyRZg_jH4g
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth Token Introspection" as an OAuth Working Group Item
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Jul 2014 13:37:48 -0000
+100 :) On 7/29/14, 8:52 PM, Justin Richer wrote: > Reading through this thread, it appears very clear to me that the use > cases are very well established by a number of existing implementers > who want to work together to build a common standard. I see no reason > to delay the work artificially by creating a use case document when > such a vast array of understanding and interest already exists. Any > use cases and explanations of applications are welcome to be added to > the working group draft as it progresses. > > -- Justin > > > On 7/29/2014 8:16 PM, Mike Jones wrote: >> >> Did you consider standardizing the access token format within that >> deployment so all the parties that needed to could understand it, >> rather requiring an extra round trip to an introspection endpoint so >> as to be able to understand things about it? >> >> I realize that might or might not be practical in some cases, but I >> haven’t heard that alternative discussed, so I thought I’d bring it up. >> >> I also second Phil’s comment that it would be good to understand the >> use cases that this is intended to solve before embarking on a >> particular solution path. >> >> -- Mike >> >> *From:*OAuth [mailto:oauth-bounces@ietf.org] *On Behalf Of *George >> Fletcher >> *Sent:* Tuesday, July 29, 2014 3:25 PM >> *To:* Phil Hunt; Thomas Broyer >> *Cc:* oauth@ietf.org >> *Subject:* Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth >> Token Introspection" as an OAuth Working Group Item >> >> We also have a use case where the AS is provided by a partner and the >> RS is provided by AOL. Being able to have a standardized way of >> validating and getting data about the token from the AS would make >> our implementation much simpler as we can use the same mechanism for >> all Authorization Servers and not have to implement one off solutions >> for each AS. >> >> Thanks, >> George >> >> On 7/28/14, 8:11 PM, Phil Hunt wrote: >> >> Could we have some discussion on the interop cases? >> >> Is it driven by scenarios where AS and resource are separate >> domains? Or may this be only of interest to specific protocols >> like UMA? >> >> From a technique principle, the draft is important and sound. I >> am just not there yet on the reasons for an interoperable standard. >> >> Phil >> >> >> On Jul 28, 2014, at 17:00, Thomas Broyer <t.broyer@gmail.com >> <mailto:t.broyer@gmail.com>> wrote: >> >> Yes. This spec is of special interest to the platform we're >> building for http://www.oasis-eu.org/ >> >> On Mon, Jul 28, 2014 at 7:33 PM, Hannes Tschofenig >> <hannes.tschofenig@gmx.net >> <mailto:hannes.tschofenig@gmx.net>> wrote: >> >> Hi all, >> >> during the IETF #90 OAuth WG meeting, there was strong >> consensus in >> adopting the "OAuth Token Introspection" >> (draft-richer-oauth-introspection-06.txt) specification as an >> OAuth WG >> work item. >> >> We would now like to verify the outcome of this call for >> adoption on the >> OAuth WG mailing list. Here is the link to the document: >> http://datatracker.ietf.org/doc/draft-richer-oauth-introspection/ >> >> If you did not hum at the IETF 90 OAuth WG meeting, and have >> an opinion >> as to the suitability of adopting this document as a WG work >> item, >> please send mail to the OAuth WG list indicating your opinion >> (Yes/No). >> >> The confirmation call for adoption will last until August 10, >> 2014. If >> you have issues/edits/comments on the document, please send these >> comments along to the list in your response to this Call for >> Adoption. >> >> Ciao >> Hannes & Derek >> >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org <mailto:OAuth@ietf.org> >> https://www.ietf.org/mailman/listinfo/oauth >> >> >> >> -- >> Thomas Broyer >> /tɔ.ma.bʁwa.je/ <http://xn--nna.ma.xn--bwa-xxb.je/> >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org <mailto:OAuth@ietf.org> >> https://www.ietf.org/mailman/listinfo/oauth >> >> >> >> >> _______________________________________________ >> >> OAuth mailing list >> >> OAuth@ietf.org <mailto:OAuth@ietf.org> >> >> https://www.ietf.org/mailman/listinfo/oauth >> >> >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth > -- George Fletcher <http://connect.me/gffletch>
- [OAUTH-WG] Confirmation: Call for Adoption of "OA… Hannes Tschofenig
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Eve Maler
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Bill Mills
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Thomas Broyer
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Phil Hunt
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Justin Richer
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Phil Hunt
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Thomas Broyer
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Justin Richer
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Tirumaleswar Reddy (tireddy)
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Mark Dobrinic
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Paul Madsen
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Mike Jones
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Justin Richer
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Bill Mills
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Justin Richer
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Eve Maler
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Phil Hunt
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Thomas Broyer
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… George Fletcher
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Phil Hunt
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Mike Jones
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Thomas Broyer
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Mike Jones
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Justin Richer
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Justin Richer
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Phil Hunt
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Thomas Broyer
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Phil Hunt
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Justin Richer
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Anthony Nadalin
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Phil Hunt
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Eve Maler
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Tirumaleswar Reddy (tireddy)
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Thomas Broyer
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Sergey Beryozkin
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Sergey Beryozkin
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… John Bradley
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Sergey Beryozkin
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… John Bradley
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Sergey Beryozkin
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… George Fletcher
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… George Fletcher
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… George Fletcher
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… John Bradley
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Anthony Nadalin
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… John Bradley
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Brian Campbell