Re: [OAUTH-WG] Agenda for IETF#87 Meeting

Phil Hunt <phil.hunt@oracle.com> Wed, 17 July 2013 18:27 UTC

Return-Path: <phil.hunt@oracle.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A41D11E80CC for <oauth@ietfa.amsl.com>; Wed, 17 Jul 2013 11:27:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.552
X-Spam-Level:
X-Spam-Status: No, score=-5.552 tagged_above=-999 required=5 tests=[AWL=-0.349, BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f-Zqdj4IIwZL for <oauth@ietfa.amsl.com>; Wed, 17 Jul 2013 11:27:28 -0700 (PDT)
Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) by ietfa.amsl.com (Postfix) with ESMTP id 0DD2011E80BA for <oauth@ietf.org>; Wed, 17 Jul 2013 11:27:28 -0700 (PDT)
Received: from ucsinet22.oracle.com (ucsinet22.oracle.com [156.151.31.94]) by userp1040.oracle.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.1) with ESMTP id r6HIRQ3Q009485 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 17 Jul 2013 18:27:27 GMT
Received: from userz7021.oracle.com (userz7021.oracle.com [156.151.31.85]) by ucsinet22.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id r6HIRQqX024072 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 17 Jul 2013 18:27:26 GMT
Received: from abhmt110.oracle.com (abhmt110.oracle.com [141.146.116.62]) by userz7021.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id r6HIRPll017617; Wed, 17 Jul 2013 18:27:25 GMT
Received: from [192.168.1.125] (/24.86.29.34) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 17 Jul 2013 11:27:25 -0700
References: <E6346ECC-ECCB-4B5C-81F4-273EBCFBD365@gmx.net> <51E6E00F.3000009@lodderstedt.net>
Mime-Version: 1.0 (1.0)
In-Reply-To: <51E6E00F.3000009@lodderstedt.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Message-Id: <699DB88E-9021-4718-8120-AF0EE1A8F831@oracle.com>
X-Mailer: iPhone Mail (10B329)
From: Phil Hunt <phil.hunt@oracle.com>
Date: Wed, 17 Jul 2013 11:27:22 -0700
To: Torsten Lodderstedt <torsten@lodderstedt.net>
X-Source-IP: ucsinet22.oracle.com [156.151.31.94]
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Agenda for IETF#87 Meeting
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Jul 2013 18:27:33 -0000

I would like to address the issue of client web apps using oauth to authenticate users--something that is not supported by the specs but people are doing anyway.  

OpenId Connect covers the issue but not in a lightweight way for both as and client. 

There seems to be a gap here.

Phil

On 2013-07-17, at 11:18, Torsten Lodderstedt <torsten@lodderstedt.net> wrote:

> Hi,
> 
> given that most charter items are (nearly) done, I would highly appreciate a discussion about further directions and new topics.
> 
> regards,
> Torsten.
> 
> Am 17.07.2013 19:37, schrieb Hannes Tschofenig:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA512
>> 
>> Hi all,
>> 
>> it is time to discuss the agenda for the meeting. Here is a strawman proposal. Let us know if you would like to add a topic to the agenda:
>> 
>> - --------
>> 
>> Web Authorization Protocol (OAuth)
>> ==================================
>> 
>> Date: WEDNESDAY, July 31, 2013
>> Time: 0900-1130 CEST
>> Room: Tiergarten 1/2
>> 
>> 
>> Agenda:
>> 
>>  * Dynamic Client Registration (TBD)
>>  https://datatracker.ietf.org/doc/draft-ietf-oauth-dyn-reg/
>>  https://datatracker.ietf.org/doc/draft-hunt-oauth-scim-client-reg/
>>    Goal: Discuss open issues with the WG document and determine
>>  whether there is interest to adopt the SCIM proposal in the WG.
>>    * JWT (Mike Jones) -- if necessary
>>  https://datatracker.ietf.org/doc/draft-ietf-oauth-json-web-token/
>>    Background: This work depends on the progress in the JOSE WG.
>>  JOSE made some progress and so the question is whether this
>>  document can enter WGLC (soon). What are the open issues?
>>    * Assertions (Mike Jones) -- if necessary
>>  https://datatracker.ietf.org/doc/draft-ietf-oauth-assertions/
>>  https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-bearer/
>>  https://datatracker.ietf.org/doc/draft-ietf-oauth-saml2-bearer/
>>    Goal: If there are still open issues we should discuss them.
>>  Expectation is that the documents are back with the IESG
>>  the week before the IETF meeting.
>>    * Security (Hannes Tschofenig)
>>  https://datatracker.ietf.org/doc/draft-ietf-oauth-v2-http-mac/
>>  https://datatracker.ietf.org/doc/draft-tschofenig-oauth-audience/
>>    Goal: Get draft-ietf-oauth-v2-http-mac to WGLC.
>>    * Other items? Rechartering?
>> 
>> - --------
>> 
>> 
>> The latest version of the agenda can be found here:
>> http://www.ietf.org/proceedings/87/agenda/agenda-87-oauth
>> 
>> 
>> Ciao
>> Hannes & Derek
>> 
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
>> Comment: GPGTools - http://gpgtools.org
>> 
>> iQEcBAEBCgAGBQJR5tZqAAoJEGhJURNOOiAtMe0IAIjKEHfkLgMW5TJonwuRcVat
>> 2cNpc0eIQiiTIj1GnELb6QY3GvxmYyB680UtjIg3eY50bbmMd0v+iW1aSdTWAHLz
>> H3eCnMjeVLJnjYPzklNxYcjxvN1F2tC+oBk6o4jJYrGRHizf7nSIt9rbCbFU7T9M
>> kl8Z7dASnTWQYPQ21Jr41Wp/fmUhgq2OvMrpSzFEcYp1DIRz94AeZuTac7Q4buKE
>> 5PV0XWFq6n2iixnGdHmYI9uMyiSw77k48NGngvdPiefQghG0BqZIgSDvgt+3Thee
>> vXWMOCTtxn8/eBe3lvDSiGwi/2PIJztPH06Fc3+szfUnWEdFGdNt8wWk4g6tV9M=
>> =rsLq
>> -----END PGP SIGNATURE-----
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth