Re: [OAUTH-WG] New podcast on identity specifications
Denis <denis.ietf@free.fr> Wed, 23 September 2020 09:38 UTC
Return-Path: <denis.ietf@free.fr>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8B6E03A0EED for <oauth@ietfa.amsl.com>; Wed, 23 Sep 2020 02:38:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.499
X-Spam-Level:
X-Spam-Status: No, score=-1.499 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, KHOP_HELO_FCRDNS=0.398, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DYd1VZGz2CiQ for <oauth@ietfa.amsl.com>; Wed, 23 Sep 2020 02:38:20 -0700 (PDT)
Received: from smtp.smtpout.orange.fr (smtp05.smtpout.orange.fr [80.12.242.127]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 21D083A0EE9 for <oauth@ietf.org>; Wed, 23 Sep 2020 02:38:19 -0700 (PDT)
Received: from [192.168.1.11] ([90.91.135.171]) by mwinf5d61 with ME id XMeE230023i31rN03MeEXN; Wed, 23 Sep 2020 11:38:15 +0200
X-ME-Helo: [192.168.1.11]
X-ME-Auth: ZGVuaXMucGlua2FzQG9yYW5nZS5mcg==
X-ME-Date: Wed, 23 Sep 2020 11:38:15 +0200
X-ME-IP: 90.91.135.171
To: Brian Campbell <bcampbell@pingidentity.com>, Vittorio Bertocci <vittorio.bertocci@auth0.com>
References: <MWHPR19MB150106AF452F2C06009E0239AE3A0@MWHPR19MB1501.namprd19.prod.outlook.com> <8dbb18c5-803e-b5a9-02b0-1152bd6ec7ed@connect2id.com>
Cc: Vladimir Dzhuvinov <vladimir@connect2id.com>, oauth@ietf.org
From: Denis <denis.ietf@free.fr>
Message-ID: <67453f19-025a-0a05-e5eb-f56ee4127646@free.fr>
Date: Wed, 23 Sep 2020 11:38:16 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <8dbb18c5-803e-b5a9-02b0-1152bd6ec7ed@connect2id.com>
Content-Type: multipart/alternative; boundary="------------4579FF1398EA1E9F69DEDF49"
Content-Language: fr
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/9ALG3paJtw4zrDGrNfJPsvj60HI>
Subject: Re: [OAUTH-WG] New podcast on identity specifications
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Sep 2020 09:38:23 -0000
Hello Brian and Vittorio, I have two observations: * draft-fett-oauth-dpop-04 which is the last version expired on 5 September 2020, * the podcast as well as draft-fett-oauth-dpop-04 omit to mention the client/user collaborative attack against which draft-fett-oauth-dpop-04 is ineffective. Denis PS. The podcast is a nice effort but is far too long (29:37). > > The mTLS vs DPoP was good in articulating how the two specs are alike, > how they differ and which particular type of app they are meant to serve. > > I'm saying this as a person who is generally allergic to technical > podcasts :) > > Maybe every RFC that comes out of this WG should have a podcast link > at the top, where the authors discuss it in simple, honest and > non-speccy terms, because that's often how people are best able to > perceive the spirit and subtleties of some technical or spec work. > > Vladimir > > On 21/09/2020 09:40, Vittorio Bertocci wrote: >> >> Dear all, >> >> This is an informal mail to inform you that there’s a new podcast >> <http://identityunlocked.com/>, identityunlocked.com >> <http://identityunlocked.com/>, dedicated to inform and explain new >> identity specs developments for developers. >> >> You can find a more detailed explanation of the podcast’s goals in >> https://auth0.com/blog/identity-unlocked-a-podcast-for-developers/, >> but the TL;DR is that the spec themselves aren’t all that easy to >> read for the non-initiated, and a lot of useful info emerges during >> the discussions leading to the spec but rarely surface in a usable >> form to the people who don’t participate in discussions. >> >> The first episode >> <https://auth0.com/blog/identity-unlocked-explained-episode-1/>, >> featuring Brian Campbell discussing MTLS & DPoP, should give you an >> idea of what season 1 of the show will look like. >> >> The full list of the first run is available here >> <https://auth0.com/blog/auth0-launches-identity-unlocked-the-identity-podcast-for-developers/>. >> Of 6 episodes, 3 of them are about specifications coming out of this >> WG- and all guests are actively involved in the IETF. >> >> My main goals sharing this info here are >> >> * *Letting you know that the podcast exists*, so that you can make >> use of it if you so choose (e.g. referring people to it if they >> need to better understand something covered in an episode) >> * *Soliciting proposals for new episodes*: topics you believe are >> currently underserved, topics you are often asked about, topics >> you would like to be interviewed about on the show >> * *Growing the show’s subscriber base*. I was able to get backing >> from my company to produce a podcast that has exactly ZERO >> product pitches and is purely about identity specs promotion, on >> the gamble that the topic does have an audience finding it >> useful. So far the reception has been great, and we need to keep >> it up if we want to have a season 2. >> >> I hope you’ll find the initiative useful! >> >> Cheers, >> >> V. >>
- [OAUTH-WG] New podcast on identity specifications Vittorio Bertocci
- Re: [OAUTH-WG] New podcast on identity specificat… Vladimir Dzhuvinov
- Re: [OAUTH-WG] New podcast on identity specificat… Denis
- Re: [OAUTH-WG] New podcast on identity specificat… Brian Campbell
- Re: [OAUTH-WG] New podcast on identity specificat… Denis