Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth
Mike Jones <Michael.Jones@microsoft.com> Tue, 01 September 2015 15:44 UTC
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60B811B4D02 for <oauth@ietfa.amsl.com>; Tue, 1 Sep 2015 08:44:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o0TMOijNeR3H for <oauth@ietfa.amsl.com>; Tue, 1 Sep 2015 08:44:14 -0700 (PDT)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0146.outbound.protection.outlook.com [207.46.100.146]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3C9601B3DA6 for <oauth@ietf.org>; Tue, 1 Sep 2015 08:44:14 -0700 (PDT)
Received: from BY2PR03MB442.namprd03.prod.outlook.com (10.141.141.145) by BY2PR03MB411.namprd03.prod.outlook.com (10.141.141.22) with Microsoft SMTP Server (TLS) id 15.1.243.23; Tue, 1 Sep 2015 15:44:13 +0000
Received: from BY2PR03MB442.namprd03.prod.outlook.com ([10.141.141.145]) by BY2PR03MB442.namprd03.prod.outlook.com ([10.141.141.145]) with mapi id 15.01.0243.024; Tue, 1 Sep 2015 15:44:12 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Bill Mills <wimills@microsoft.com>, Phil Hunt <phil.hunt@oracle.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>
Thread-Topic: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth
Thread-Index: AQHQ5Ir75W0PLpZNOkaEhwVtHuhg4J4nyH8AgAAH7bA=
Date: Tue, 01 Sep 2015 15:44:12 +0000
Message-ID: <BY2PR03MB442A1C544C1DE1B7608E971F56A0@BY2PR03MB442.namprd03.prod.outlook.com>
References: <20150901045617.CB44D187A98@rfc-editor.org> <55E544A6.3050203@gmx.net> <514ABD00-586C-4ABC-A867-698CBC50DA79@oracle.com>
In-Reply-To: <514ABD00-586C-4ABC-A867-698CBC50DA79@oracle.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com;
x-originating-ip: [50.47.89.201]
x-microsoft-exchange-diagnostics: 1; BY2PR03MB411; 5:Bgxe/s1Bg1hD9n3cMHHtWdudCBNPrADo86iI4vtBS32MNeBQ5sbZqeRQ7cAZU9vI/0DoEXrX42rLg9gBhD56p4fjrfpQfZvU5bBmjWfxNSSc1Q+/L5OdDWRwdsj3WQwkwcE7wxGz6SJourLbEUwz3Q==; 24:nc17m5D9dqN/cWZ2wZomOTj+got/Lu02MwUARipN6j91UiOuee+wgLIMnlrJQvFagc993ceczMatQcLL15B5dZxooUVFhTU6DCK1ovwLhGg=; 20:bzK/2dgjkIYyeymXWZ7eusuWeBocn9yGB93DeBb+VwoMBmk9jpLfZhp60AFT8xaxAFPqM9sE+OP3JtYx1iiGnQ==
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(42134001)(42139001); SRVR:BY2PR03MB411;
x-microsoft-antispam-prvs: <BY2PR03MB41120CDC0C92F584E16B347F56A0@BY2PR03MB411.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401001)(8121501046)(5005006)(3002001); SRVR:BY2PR03MB411; BCL:0; PCL:0; RULEID:; SRVR:BY2PR03MB411;
x-forefront-prvs: 06860EDC7B
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(2473001)(15594002)(189002)(69234005)(377454003)(13464003)(24454002)(199003)(86612001)(74316001)(33656002)(19580395003)(19580405001)(5002640100001)(5880100001)(2656002)(5001960100002)(189998001)(5003600100002)(5001830100001)(64706001)(4001540100001)(551544002)(5007970100001)(5004730100002)(81156007)(97736004)(5001860100001)(105586002)(5001770100001)(106116001)(575784001)(99286002)(106356001)(86362001)(15975445007)(2421001)(102836002)(10090500001)(87936001)(77096005)(68736005)(62966003)(46102003)(5005710100001)(10290500002)(10400500002)(8990500004)(101416001)(50986999)(66066001)(54356999)(76176999)(92566002)(2561002)(122556002)(40100003)(2950100001)(76576001)(2900100001)(1511001)(77156002)(24704002); DIR:OUT; SFP:1102; SCL:1; SRVR:BY2PR03MB411; H:BY2PR03MB442.namprd03.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Sep 2015 15:44:12.3693 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR03MB411
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/8LuK5W9AqxWVSXJU8MFWT7fXhUQ>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Sep 2015 15:44:16 -0000
Congratulations, Bill! -----Original Message----- From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Phil Hunt Sent: Tuesday, September 01, 2015 8:14 AM To: Hannes Tschofenig Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth +1 ! Phil > On Aug 31, 2015, at 23:24, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote: > > FYI: Thanks to Bill for the hard work! > > -------- Forwarded Message -------- > Subject: RFC 7628 on A Set of Simple Authentication and Security Layer > (SASL) Mechanisms for OAuth > Date: Mon, 31 Aug 2015 21:56:17 -0700 (PDT) > From: rfc-editor@rfc-editor.org > Reply-To: ietf@ietf.org > To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org > CC: kitten@ietf.org, drafts-update-ref@iana.org, > rfc-editor@rfc-editor.org > > A new Request for Comments is now available in online RFC libraries. > > > RFC 7628 > > Title: A Set of Simple Authentication > and Security Layer (SASL) Mechanisms > for OAuth > Author: W. Mills, T. Showalter, H. Tschofenig > Status: Standards Track > Stream: IETF > Date: August 2015 > Mailbox: wmills_92105@yahoo.com, > tjs@psaux.com, > Hannes.Tschofenig@gmx.net > Pages: 21 > Characters: 46408 > Updates/Obsoletes/SeeAlso: None > > I-D Tag: draft-ietf-kitten-sasl-oauth-23.txt > > URL: https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.rfc-editor.org%2finfo%2frfc7628&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=J1hIDrCTw8Xi1hMvg3ZaZ1xvdEFhol3BqHt2q6u6VWg%3d > > DOI: https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fdx.doi.org%2f10.17487%2fRFC7628&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=%2fQVXZSXwbGDS7YVQ446RDFuPUxHNoLLwedzfrx0xKUE%3d > > OAuth enables a third-party application to obtain limited access to a > protected resource, either on behalf of a resource owner by > orchestrating an approval interaction or by allowing the third-party > application to obtain access on its own behalf. > > This document defines how an application client uses credentials > obtained via OAuth over the Simple Authentication and Security Layer > (SASL) to access a protected resource at a resource server. Thereby, > it enables schemes defined within the OAuth framework for > non-HTTP-based application protocols. > > Clients typically store the user's long-term credential. This does, > however, lead to significant security vulnerabilities, for example, > when such a credential leaks. A significant benefit of OAuth for > usage in those clients is that the password is replaced by a shared > secret with higher entropy, i.e., the token. Tokens typically provide > limited access rights and can be managed and revoked separately from > the user's long-term password. > > This document is a product of the Common Authentication Technology > Next Generation Working Group of the IETF. > > This is now a Proposed Standard. > > STANDARDS TRACK: This document specifies an Internet Standards Track > protocol for the Internet community, and requests discussion and > suggestions for improvements. Please refer to the current edition of > the Official Internet Protocol Standards > (https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww. > rfc-editor.org%2fstandards&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=7JPZiamj4nhqHgthEPDIzgpqkvR%2fAA6bj4Ck5vijFPU%3d) for the standardization state and status of this protocol. Distribution of this memo is unlimited. > > This announcement is sent to the IETF-Announce and rfc-dist lists. > To subscribe or unsubscribe, see > > https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.i > etf.org%2fmailman%2flistinfo%2fietf-announce&data=01%7c01%7cMichael.Jo > nes%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f14 > 1af91ab2d7cd011db47%7c1&sdata=aGciLH4fsxKJ6MUO%2fPp6BMj3JFJ37oTjdaSJ5t > WbEkg%3d > https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fmailm > an.rfc-editor.org%2fmailman%2flistinfo%2frfc-dist&data=01%7c01%7cMicha > el.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf > 86f141af91ab2d7cd011db47%7c1&sdata=agec9juMh0Zzn1mrY6avpBrLPlFfCs8zsyx > 8bSLgDdc%3d > > For searching the RFC series, see > https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.r > fc-editor.org%2fsearch&data=01%7c01%7cMichael.Jones%40microsoft.com%7c > 9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c > 1&sdata=veVw3wrA9Wz6CWTUfVTLCKAdduFgUDkiaabcuqFyRxc%3d > For downloading RFCs, see > https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.r > fc-editor.org%2frfc.html&data=01%7c01%7cMichael.Jones%40microsoft.com% > 7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47% > 7c1&sdata=93atgoSh8enZBPOxNfMophuutPvidnrfoMxOc0XmjS8%3d > > Requests for special distribution should be addressed to either the > author of the RFC in question, or to rfc-editor@rfc-editor.org. > Unless specifically noted otherwise on the RFC itself, all RFCs are > for unlimited distribution. > > > The RFC Editor Team > Association Management Solutions, LLC > > > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.i > etf.org%2fmailman%2flistinfo%2foauth&data=01%7c01%7cMichael.Jones%40mi > crosoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2 > d7cd011db47%7c1&sdata=ILpgvSqnqwWhHs7BAm7xXpjoUdVRhJhB2G3m%2fTn%2b6gU% > 3d _______________________________________________ OAuth mailing list OAuth@ietf.org https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2foauth&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=ILpgvSqnqwWhHs7BAm7xXpjoUdVRhJhB2G3m%2fTn%2b6gU%3d
- [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple Authe… Hannes Tschofenig
- Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple A… Phil Hunt
- Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple A… Mike Jones
- Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple A… Torsten Lodderstedt
- Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple A… Bill Mills
- Re: [OAUTH-WG] RFC 7628 on A Set of Simple Authen… Justin Richer
- Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple A… Bill Mills