Re: [OAUTH-WG] End User Authentication using OAuth 2.0

Antonio Sanso <asanso@adobe.com> Mon, 03 November 2014 19:27 UTC


Nice stuff, Justin.
Little nitpick: is it just me, or does this sound a bit weird: "signed by the identity provider's public key"?

regards

antonio


On Nov 3, 2014, at 5:30 AM, Justin Richer <jricher@MIT.EDU> wrote:

> As of earlier this evening, I've published the article that we've been working on about dealing with OAuth and end-user authentication. It's available here:
> 
> http://oauth.net/articles/authentication/
> 
> Huge thanks to everyone who commented on the text, both here on the list and last week at IIW. If there are edits to be made, either reply here or just make a pull request directly from GitHub. It's not an RFC, we can keep editing it. :)
> 
> In the process of putting this together for the site, I also created an "Articles" structure on the site so that if there are other topics we want to add, we (the community, not just the WG) can do so.
> 
> -- Justin