Re: [OAUTH-WG] New podcast on identity specifications

Denis <denis.ietf@free.fr> Wed, 23 September 2020 09:38 UTC

Return-Path: <denis.ietf@free.fr>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B6E03A0EED for <oauth@ietfa.amsl.com>; Wed, 23 Sep 2020 02:38:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.499
X-Spam-Level:
X-Spam-Status: No, score=-1.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, KHOP_HELO_FCRDNS=0.398, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DYd1VZGz2CiQ for <oauth@ietfa.amsl.com>; Wed, 23 Sep 2020 02:38:20 -0700 (PDT)
Received: from smtp.smtpout.orange.fr (smtp05.smtpout.orange.fr [80.12.242.127]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21D083A0EE9 for <oauth@ietf.org>; Wed, 23 Sep 2020 02:38:19 -0700 (PDT)
Received: from [192.168.1.11] ([90.91.135.171]) by mwinf5d61 with ME id XMeE230023i31rN03MeEXN; Wed, 23 Sep 2020 11:38:15 +0200
X-ME-Helo: [192.168.1.11]
X-ME-Auth: ZGVuaXMucGlua2FzQG9yYW5nZS5mcg==
X-ME-Date: Wed, 23 Sep 2020 11:38:15 +0200
X-ME-IP: 90.91.135.171
To: Brian Campbell <bcampbell@pingidentity.com>, Vittorio Bertocci <vittorio.bertocci@auth0.com>
References: <MWHPR19MB150106AF452F2C06009E0239AE3A0@MWHPR19MB1501.namprd19.prod.outlook.com> <8dbb18c5-803e-b5a9-02b0-1152bd6ec7ed@connect2id.com>
Cc: Vladimir Dzhuvinov <vladimir@connect2id.com>, oauth@ietf.org
From: Denis <denis.ietf@free.fr>
Message-ID: <67453f19-025a-0a05-e5eb-f56ee4127646@free.fr>
Date: Wed, 23 Sep 2020 11:38:16 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <8dbb18c5-803e-b5a9-02b0-1152bd6ec7ed@connect2id.com>
Content-Type: multipart/alternative; boundary="------------4579FF1398EA1E9F69DEDF49"
Content-Language: fr
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/9ALG3paJtw4zrDGrNfJPsvj60HI>
Subject: Re: [OAUTH-WG] New podcast on identity specifications
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Sep 2020 09:38:23 -0000

Hello Brian and Vittorio,

I have two observations:

  * draft-fett-oauth-dpop-04 which is the last version expired on 5
    September 2020,
  * the podcast as well as draft-fett-oauth-dpop-04 omit to mention the
    client/user collaborative attack against which
    draft-fett-oauth-dpop-04 is ineffective.


Denis

PS. The podcast is a nice effort but is far too long (29:37).
>
> The mTLS vs DPoP was good in articulating how the two specs are alike, 
> how they differ and which particular type of app they are meant to serve.
>
> I'm saying this as a person who is generally allergic to technical 
> podcasts :)
>
> Maybe every RFC that comes out of this WG should have a podcast link 
> at the top, where the authors discuss it in simple, honest and 
> non-speccy terms, because that's often how people are best able to 
> perceive the spirit and subtleties of some technical or spec work.
>
> Vladimir
>
> On 21/09/2020 09:40, Vittorio Bertocci wrote:
>>
>> Dear all,
>>
>> This is an informal mail to inform you that there’s a new podcast 
>> <http://identityunlocked.com/>, identityunlocked.com 
>> <http://identityunlocked.com/>, dedicated to inform and explain new 
>> identity specs developments for developers.
>>
>> You can find a more detailed explanation of the podcast’s goals in 
>> https://auth0.com/blog/identity-unlocked-a-podcast-for-developers/, 
>> but the TL;DR is that the spec themselves aren’t all that easy to 
>> read for the non-initiated, and a lot of useful info emerges during 
>> the discussions leading to the spec but rarely surface in a usable 
>> form to the people who don’t participate in discussions.
>>
>> The first episode 
>> <https://auth0.com/blog/identity-unlocked-explained-episode-1/>, 
>> featuring Brian Campbell discussing MTLS & DPoP, should give you an 
>> idea of what season 1 of the show will look like.
>>
>> The full list of the first run is available here 
>> <https://auth0.com/blog/auth0-launches-identity-unlocked-the-identity-podcast-for-developers/>. 
>> Of 6 episodes, 3 of them are about specifications coming out of this 
>> WG- and all guests are actively involved in the IETF.
>>
>> My main goals sharing this info here are
>>
>>   * *Letting you know that the podcast exists*, so that you can make
>>     use of it if you so choose (e.g. referring people to it if they
>>     need to better understand something covered in an episode)
>>   * *Soliciting proposals for new episodes*: topics you believe are
>>     currently underserved, topics you are often asked about, topics
>>     you would like to be interviewed about on the show
>>   * *Growing the show’s subscriber base*. I was able to get backing
>>     from my company to produce a podcast that has exactly ZERO
>>     product pitches and is purely about identity specs promotion, on
>>     the gamble that the topic does have an audience finding it
>>     useful. So far the reception has been great, and we need to keep
>>     it up if we want to have a season 2.
>>
>> I hope you’ll find the initiative useful!
>>
>> Cheers,
>>
>> V.
>>