Re: [OAUTH-WG] Rechartering

Mike Jones <Michael.Jones@microsoft.com> Thu, 20 October 2011 19:45 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7CFBB21F84DF for <oauth@ietfa.amsl.com>; Thu, 20 Oct 2011 12:45:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.148
X-Spam-Level:
X-Spam-Status: No, score=-10.148 tagged_above=-999 required=5 tests=[AWL=0.451, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id onEqxqhetUG5 for <oauth@ietfa.amsl.com>; Thu, 20 Oct 2011 12:45:42 -0700 (PDT)
Received: from smtp.microsoft.com (mailb.microsoft.com [131.107.115.215]) by ietfa.amsl.com (Postfix) with ESMTP id D4A6C21F84C2 for <oauth@ietf.org>; Thu, 20 Oct 2011 12:45:42 -0700 (PDT)
Received: from TK5EX14HUBC104.redmond.corp.microsoft.com (157.54.80.25) by TK5-EXGWY-E802.partners.extranet.microsoft.com (10.251.56.168) with Microsoft SMTP Server (TLS) id 8.2.176.0; Thu, 20 Oct 2011 12:45:42 -0700
Received: from TK5EX14MBXC283.redmond.corp.microsoft.com ([169.254.2.243]) by TK5EX14HUBC104.redmond.corp.microsoft.com ([157.54.80.25]) with mapi id 14.01.0339.002; Thu, 20 Oct 2011 12:45:42 -0700
From: Mike Jones <Michael.Jones@microsoft.com>
To: Eran Hammer-Lahav <eran@hueniverse.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, OAuth WG <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] Rechartering
Thread-Index: AQHMjuZXC/llWGbx10K50cRi4wxHDZWFlltggAAMDYCAAAEiUA==
Date: Thu, 20 Oct 2011 19:45:42 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739435C24DBA0@TK5EX14MBXC283.redmond.corp.microsoft.com>
References: <725EAF50-3A82-4AAE-8C60-6D4C4AE52A79@gmx.net> <4E1F6AAD24975D4BA5B16804296739435C24DA48@TK5EX14MBXC283.redmond.corp.microsoft.com> <90C41DD21FB7C64BB94121FBBC2E723452631E9186@P3PW5EX1MB01.EX1.SECURESERVER.NET>
In-Reply-To: <90C41DD21FB7C64BB94121FBBC2E723452631E9186@P3PW5EX1MB01.EX1.SECURESERVER.NET>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [157.54.51.32]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] Rechartering
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2011 19:45:43 -0000

Because it's intended for (and used for) discovery of OAuth endpoints...

-----Original Message-----
From: Eran Hammer-Lahav [mailto:eran@hueniverse.com] 
Sent: Thursday, October 20, 2011 12:42 PM
To: Mike Jones; Hannes Tschofenig; OAuth WG
Subject: RE: [OAUTH-WG] Rechartering

What possible rational is there for SWD to belong in the OAuth working group and in the security area?

EHL

> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf 
> Of Mike Jones
> Sent: Thursday, October 20, 2011 12:12 PM
> To: Hannes Tschofenig; OAuth WG
> Subject: Re: [OAUTH-WG] Rechartering
> 
> Thanks, Hannes.  Here's my prioritized list of new work:
> 
> 1.  JSON Web Token (JWT)
> 2.  Simple Web Discovery (SWD)
> 3.  JSON Web Token (JWT) Bearer Token Profile 4.  Token Revocation
> 
> My prioritized list of existing work items to complete after the core 
> and bearer specs are:
> 
> A.  Assertions Specification
> B.  SAML Bearer Token Profile
> 
> I am ambivalent about whether the working group takes on most of the 
> other work items.
> 
> Responding to Eran's comments on SWD versus host-meta, these specs 
> have significantly different goals and use substantially different 
> mechanisms with different privacy characteristics.  Also, if you 
> compare the relative complexity of the example at 
> http://tools.ietf.org/html/draft-hammer-hostmeta-
> 17#appendix-A versus the example at 
> http://tools.ietf.org/html/draft-jones-
> simple-web-discovery-01#section-1, you can see why SWD was chosen for 
> use in OpenID Connect to discover OAuth authorization and resource 
> server endpoints.
> 
> 				-- Mike
> 
> -----Original Message-----
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf 
> Of Hannes Tschofenig
> Sent: Wednesday, October 19, 2011 10:09 PM
> To: OAuth WG
> Subject: [OAUTH-WG] Rechartering
> 
> Hi all,
> 
> in preparation of the upcoming IETF meeting Barry and I would like to 
> start a re-chartering discussion.  We both are currently attending the 
> Internet Identity Workshop and so we had the chance to solicit input 
> from the participants. This should serve as a discussion starter.
> 
> Potential future OAuth charter items (in random order):
> 
> ----------------
> 
> 1) Dynamic Client Registration Protocol
> 
> Available document:
> http://datatracker.ietf.org/doc/draft-hardjono-oauth-dynreg/
> 
> 2) Token Revocation
> 
> Available document:
> http://datatracker.ietf.org/doc/draft-lodderstedt-oauth-revocation/
> 
> 3) UMA
> 
> Available document:
> http://datatracker.ietf.org/doc/draft-hardjono-oauth-umacore/
> 
> 4) Client Instance Extension
> 
> Available document:
> http://tools.ietf.org/id/draft-richer-oauth-instance-00.txt
> 
> 5) XML Encoding
> 
> Available document:
> http://tools.ietf.org/id/draft-richer-oauth-xml-00.txt
> 
> 6) JSON Web Token
> 
> Available document:
> http://tools.ietf.org/html/draft-jones-json-web-token-05
> 
> 7) JSON Web Token (JWT) Bearer Profile
> 
> Available document:
> http://tools.ietf.org/html/draft-jones-oauth-jwt-bearer-00
> 
> 8) User Experience Extension
> 
> Available document:
> http://tools.ietf.org/html/draft-recordon-oauth-v2-ux-00
> 
> 9) Request by Reference
> 
> Available document:
> http://tools.ietf.org/html/draft-sakimura-oauth-requrl-00
> 
> 10) Simple Web Discovery
> 
> Available document:
> http://tools.ietf.org/html/draft-jones-simple-web-discovery-00
> 
> ----------------
> 
> We have the following questions:
> 
> a) Are you interested in any of the above-listed items? (as a 
> reviewer, co- author, implementer, or someone who would like to 
> deploy). It is also useful to know if you think that we shouldn't work on a specific item.
> 
> b) Are there other items you would like to see the group working on?
> 
> Note: In case your document is expired please re-submit it.
> 
> Ciao
> Hannes & Barry
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth