Re: [OAUTH-WG] JWT Token on-behalf of Use case

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 07 July 2015 19:43 UTC

I'm just catching up on this thread, but would appreciate an in-room
discussion on this topic that doesn't assume the adopted draft has the
agreed upon approach as I am not reading that there is consensus on that
approach in this thread at all.

Could we see presentations on Mike's draft and Brian's?  Justin, do you
agree that Brian's draft covers the use case in our draft as was implied in
this thread?

I'd like to see a discussion guided by the chairs to see if we can find a
go-forward plan.  There seem to be differing opinions and maybe a pull
towards simpler approaches that extend OAuth.

Thank you.

On Tue, Jul 7, 2015 at 3:18 PM, Sam Hartman <hartmans-ietf@mit.edu> wrote:

> Speaking as someone who is reasonably familiar with Kerberos and the
> general concepts involved, I find both Microsoft/Kerberos technology
> (constrained delegation/protocol transition) and the ws-trust text
> horribly confusing and would recommend against all of the above as
> examples of clarity.
> After several years I've finally gotten to a point where I understand
> the Kerberos terms, but that's simply by using them regularly, not
> because there was clarity.
>
>
> This may be a case where new terminology is worthwhile if you can find
> something that multiple people (especially new readers not overly
> familiar with the concepts) find to be clear.



-- 

Best regards,
Kathleen