Re: [OAUTH-WG] OAuth 1.0a
William Mills <wmills_92105@yahoo.com> Tue, 14 August 2012 19:53 UTC
Return-Path: <wmills_92105@yahoo.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F29B921E808E for <oauth@ietfa.amsl.com>; Tue, 14 Aug 2012 12:53:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.324
X-Spam-Level:
X-Spam-Status: No, score=-2.324 tagged_above=-999 required=5 tests=[AWL=-0.326, BAYES_00=-2.599, HTML_MESSAGE=0.001, J_CHICKENPOX_31=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ME-LpqRObb2e for <oauth@ietfa.amsl.com>; Tue, 14 Aug 2012 12:53:45 -0700 (PDT)
Received: from nm38-vm1.bullet.mail.bf1.yahoo.com (nm38-vm1.bullet.mail.bf1.yahoo.com [72.30.239.17]) by ietfa.amsl.com (Postfix) with ESMTP id 1E08D21E8063 for <oauth@ietf.org>; Tue, 14 Aug 2012 12:53:45 -0700 (PDT)
Received: from [98.139.212.144] by nm38.bullet.mail.bf1.yahoo.com with NNFMP; 14 Aug 2012 19:53:44 -0000
Received: from [98.139.212.228] by tm1.bullet.mail.bf1.yahoo.com with NNFMP; 14 Aug 2012 19:53:44 -0000
Received: from [127.0.0.1] by omp1037.mail.bf1.yahoo.com with NNFMP; 14 Aug 2012 19:53:44 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 353772.66736.bm@omp1037.mail.bf1.yahoo.com
Received: (qmail 82838 invoked by uid 60001); 14 Aug 2012 19:53:43 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1344974023; bh=VMAj0LWSNzvrvDDfGrIq9NnRtEDHXx7/T4hsS3xSMIM=; h=X-YMail-OSG:Received:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=doVTx8AM5/LPa8muxut3U7xsV62JbjRlWZZcf/eefBFvdEa7fmwJeqzGqHTY8PUG0jBkN+DOPUnsDuLB8NwtR2mxUQpvr7i/h0I69aeJWPAhBWEgqvTGbn6IcTEioxUF7gTjzLsy0KSUcaHLw04EF6T0tWwUfWk4txux9OsnX1k=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=US6lpBiJLyKNnRnsrirsgGmxOvEBzlsh4sPJ2Ew278EqxBBM7QKdYd0UxGQADtMLSRKUfWDl+jO36LZk5okL7OCIZLgJqK45q8ygx4bKpYGSyt97m7oefg3rUyiNL06BpAiGvqkzEPZUFu4j8c2bQD4uD2OOP8XugDcc43M2k0Q=;
X-YMail-OSG: MyQw4qcVM1n6yDbuFFd2bQAMEub5ajFM_vbqD3oNfBC17W4 dGtPjMImSVWEsu8XRHfseaJRVNPeelrU8P6Xa0Po0XvJgvCvAg4GGuVKKrHj B.Xxlpt93FqdZ7Zv5L8O8eEQxJVJvy6PBapN6PZ_A0l5Qu7a9l.mmwtaufxs xtmxjCqh2trXRNNvXqOm1Z.0bwAjCfbPYEkYSiVFwRGz2OvrzaYou1G7wn29 yR18MTmdgUvzAsIJ1ypVRObIqbsYqN2Ll_ctwZhTjRBq7rcMXTQCkCiYy50t NDO2Ytku9OxG8H.4JA4_WwMGOQlG0ZfbMqIwLzjlmAv8xjcPqjfX2dLCfOCh yNkKtXId8nmiWvVyQbMRhxQOf68IsmqauGjbJ567rlajx7xaEkYL_JmPIv3w 1h7wKdqSr7tLmgbBZuRVfuCaPNvsSbB4OEj_i9_Z5xQbFwXtCGEI_z1HQH03 1G60nDUh4gdXj4b27Bfk6lizTkVXjWtKwT.XmhKHFHaIEigsDu7Ops0L7fax PMiw-
Received: from [209.131.62.113] by web31804.mail.mud.yahoo.com via HTTP; Tue, 14 Aug 2012 12:53:43 PDT
X-Mailer: YahooMailWebService/0.8.121.416
References: <1344972117.60342.YahooMailNeo@web31802.mail.mud.yahoo.com> <4E1F6AAD24975D4BA5B168042967394366777A7F@TK5EX14MBXC283.redmond.corp.microsoft.com> <1344973056.51964.YahooMailNeo@web31812.mail.mud.yahoo.com> <502AAA2D.1050404@lodderstedt.net>
Message-ID: <1344974023.98979.YahooMailNeo@web31804.mail.mud.yahoo.com>
Date: Tue, 14 Aug 2012 12:53:43 -0700
From: William Mills <wmills_92105@yahoo.com>
To: Torsten Lodderstedt <torsten@lodderstedt.net>
In-Reply-To: <502AAA2D.1050404@lodderstedt.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="835683298-1845260303-1344974023=:98979"
Cc: O Auth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth 1.0a
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills_92105@yahoo.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Aug 2012 19:53:46 -0000
I want to get the SASL work done. HoK is interesting, but I've become convinced that it's not actually anything that needs it's own spec, you can do HoK with MAC or any other signed scheme by including the needed proof of ownership in the token. HoK, however it works out, is unlikely to vary a lot from the elements that would currently be needed to support MAC or 1.0a and if needed can just extend the SASL mechanism. -bill ________________________________ From: Torsten Lodderstedt <torsten@lodderstedt.net> To: William Mills <wmills_92105@yahoo.com> Cc: Mike Jones <Michael.Jones@microsoft.com>; O Auth WG <oauth@ietf.org> Sent: Tuesday, August 14, 2012 12:42 PM Subject: Re: [OAUTH-WG] OAuth 1.0a Hi Bill, do you need to specify this aspect of your SASL profile now? Why don't you wait for the group to complete the work on signing/HoK? You could also contribute your use cases to drive the discussion. best regards, Torsten. Am 14.08.2012 21:37, schrieb William Mills: It's for the OAUTH SASL spec. I've been writing it with the idea that OAuth 1.0a would work (since I think we'll have extant 1.0a typ[e tokens we want to allow for IMAP), but several folks were saying when this all started that 1.0a was dead and I should not refer to it. > > >I want to make sure the SASL mechanism is build to properly handle signed auth schemes and not just bearer (cookie) type. > > >-bill > > > >________________________________ > From: Mike Jones <Michael.Jones@microsoft.com> >To: William Mills <wmills_92105@yahoo.com>; O Auth WG <oauth@ietf.org> >Sent: Tuesday, August 14, 2012 12:28 PM >Subject: RE: [OAUTH-WG] OAuth 1.0a > > > >What problem are you trying to solve? > >From:oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of William Mills >Sent: Tuesday, August 14, 2012 12:22 PM >To: O Auth WG >Subject: [OAUTH-WG] OAuth 1.0a > >What's the general opinion on 1.0a? Am I stepping in something if I refer to it in another draft? I want to reference an auth scheme that uses signing and now MAC is apparently going back to the drawing board, so I'm thinking about using 1.0a. > >Thanks, > >-bill > > > > >_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
- Re: [OAUTH-WG] OAuth 1.0a Hannes Tschofenig
- [OAUTH-WG] OAuth 1.0a William Mills
- Re: [OAUTH-WG] OAuth 1.0a Mike Jones
- Re: [OAUTH-WG] OAuth 1.0a William Mills
- Re: [OAUTH-WG] OAuth 1.0a Torsten Lodderstedt
- Re: [OAUTH-WG] OAuth 1.0a Mike Jones
- Re: [OAUTH-WG] OAuth 1.0a William Mills
- Re: [OAUTH-WG] OAuth 1.0a William Mills
- Re: [OAUTH-WG] OAuth 1.0a William Mills
- Re: [OAUTH-WG] OAuth 1.0a Mike Jones
- Re: [OAUTH-WG] OAuth 1.0a Justin Richer
- Re: [OAUTH-WG] OAuth 1.0a Dick Hardt
- Re: [OAUTH-WG] OAuth 1.0a Ryan Troll
- Re: [OAUTH-WG] OAuth 1.0a Hannes Tschofenig
- Re: [OAUTH-WG] OAuth 1.0a Hannes Tschofenig
- Re: [OAUTH-WG] OAuth 1.0a William Mills
- Re: [OAUTH-WG] OAuth 1.0a William Mills
- Re: [OAUTH-WG] OAuth 1.0a Hannes Tschofenig