Re: [OAUTH-WG] OAuth WG Re-Chartering

John Bradley <ve7jtb@ve7jtb.com> Mon, 19 March 2012 17:53 UTC

From: John Bradley <ve7jtb@ve7jtb.com>
Date: Mon, 19 Mar 2012 14:52:25 -0300
To: Phil Hunt <phil.hunt@oracle.com>
Cc: "oauth@ietf.org WG" <oauth@ietf.org>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering

JWT and SWD are the highest priority to find a home.   

We are doing token introspection and dynamic registration.
Those are larger tasks to generalize, though probably worthwhile.

John B.
On 2012-03-19, at 2:30 PM, Phil Hunt wrote:

> I would support those features of connect that are more general being part of the general spec family under the WG. 
> 
> Phil
> 
> On 2012-03-19, at 9:31, John Bradley <ve7jtb@ve7jtb.com> wrote:
> 
>> There is no intention to bring the OpenID Connect work to the OAuth WG.
>> It, like many other protocols, relies on OAuth 2.0 but is not part of it.
>> 
>> However, if there are some things that we are doing as OAuth 2.0 extensions
>> that are more general and can be standardized in the IETF, we should understand 
>> what they are.  
>> 
>> We are having an OpenID Connect meeting on Sunday prior to IETF.
>> People are encouraged to attend and refine opinions about the appropriate homes
>> for some of this new (to IETF) work.
>> 
>> Registration is at:
>> http://www.eventbrite.com/event/3064019565
>> 
>> The account chooser WG that Blaine mentioned at OIDF is up and running now, with an online meeting happening 
>> Thursday for those that are interested.
>> https://sites.google.com/site/oidfacwg/
>> http://acwg2012march-estw.eventbrite.com
>> 
>> So +1 for composition.
>> 
>> John B.
>> 
>> On 2012-03-19, at 12:24 PM, Blaine Cook wrote:
>> 
>>> On 15 March 2012 17:31, Zeltsan, Zachary (Zachary)
>>> <zachary.zeltsan@alcatel-lucent.com> wrote:
>>>> ...  Considering OpenID Connect as a motivating use case for OAuth, SWD is
>>>> the one spec that would then be missing for this OAuth use case.
>>> 
>>> I worry that bringing OpenID Connect into OAuth (rather than building
>>> upon OAuth) will have detrimental effects for both efforts. OAuth is
>>> successful in part because we chose not to push OAuth-like
>>> functionality into the OpenID umbrella (which at the time was focused
>>> on shipping OpenID 2.0).
>>> 
>>> It seems prudent to learn from the experience of WS-*, where
>>> everything was combined into one huge ball of standards-wax. The
>>> result was both impenetrable and not fit for purpose due to the many
>>> interdependencies (both social and technical) involved.
>>> 
>>> Composition has served the IETF and the internet well, and nothing
>>> prevents the OpenID standards from being created in the context of a
>>> new working group, or from within the OpenID foundation. Indeed, it's
>>> been working quite well, and projects like the Account Chooser are
>>> showing great promise and focusing on the important things (UX) rather
>>> than specifications-for-specification's sake.
>>> 
>>> b.
>>> _______________________________________________
>>> OAuth mailing list
>>> OAuth@ietf.org
>>> https://www.ietf.org/mailman/listinfo/oauth