Re: [OAUTH-WG] OAuth Digest, Vol 78, Issue 31
"sooolooo.mm" <sooolooo.mm@gmail.com> Sat, 02 May 2015 10:36 UTC
Date: Sat, 02 May 2015 12:31:55 +0200
Message-ID: <b391828sjfd2b77s8rnbhfm5.1430562694962@email.android.com>
From: "sooolooo.mm" <sooolooo.mm@gmail.com>
To: oauth@ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/D7O7B2B9B1B8g645SCL2bk1P2HY>

oauth-request@ietf.org wrote:

>Send OAuth mailing list submissions to
>    oauth@ietf.org
>
>To subscribe or unsubscribe via the World Wide Web, visit
>    https://www.ietf.org/mailman/listinfo/oauth
>or, via email, send a message with subject or body 'help' to
>    oauth-request@ietf.org
>
>You can reach the person managing the list at
>    oauth-owner@ietf.org
>
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of OAuth digest..."
>
>
>Today's Topics:
>
>   1. Fwd: Last Call: <draft-ietf-kitten-sasl-oauth-22.txt> (A set
>      of SASL Mechanisms for OAuth) to Proposed Standard (Benjamin Kaduk)
>
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Thu, 30 Apr 2015 14:37:35 -0400 (EDT)
>From: Benjamin Kaduk <kaduk@MIT.EDU>
>To: oauth@ietf.org
>Subject: [OAUTH-WG] Fwd: Last Call:
>    <draft-ietf-kitten-sasl-oauth-22.txt> (A set of SASL Mechanisms for
>    OAuth) to Proposed Standard
>Message-ID: <alpine.GSO.1.10.1504301434550.22210@multics.mit.edu>
>Content-Type: TEXT/PLAIN; charset=US-ASCII
>
>Hi all,
>
>I just wanted to call attention to this IETF Last Call; there were some
>changes since the -18 which is the last one that we sent to this list.
>
>-Ben
>
>---------- Forwarded message ----------
>Date: Thu, 30 Apr 2015 14:31:47 -0400
>From: The IESG <iesg-secretary@ietf.org>
>Reply-To: ietf@ietf.org
>To: IETF-Announce <ietf-announce@ietf.org>
>Cc: kitten@ietf.org
>Subject: [kitten] Last Call: <draft-ietf-kitten-sasl-oauth-22.txt> (A set of
>    SASL Mechanisms for OAuth) to Proposed Standard
>
>
>The IESG has received a request from the Common Authentication Technology
>Next Generation WG (kitten) to consider the following document:
>- 'A set of SASL Mechanisms for OAuth'
>  <draft-ietf-kitten-sasl-oauth-22.txt> as Proposed Standard
>
>The IESG plans to make a decision in the next few weeks, and solicits
>final comments on this action. Please send substantive comments to the
>ietf@ietf.org mailing lists by 2015-05-14. Exceptionally, comments may be
>sent to iesg@ietf.org instead. In either case, please retain the
>beginning of the Subject line to allow automated sorting.
>
>Abstract
>
>
>   OAuth enables a third-party application to obtain limited access to a
>   protected resource, either on behalf of a resource owner by
>   orchestrating an approval interaction, or by allowing the third-party
>   application to obtain access on its own behalf.
>
>   This document defines how an application client uses credentials
>   obtained via OAuth over the Simple Authentication and Security Layer
>   (SASL) to access a protected resource at a resource server. Thereby,
>   it enables schemes defined within the OAuth framework for non-HTTP-
>   based application protocols.
>
>   Clients typically store the user's long-term credential. This does,
>   however, lead to significant security vulnerabilities, for example,
>   when such a credential leaks. A significant benefit of OAuth for
>   usage in those clients is that the password is replaced by a shared
>   secret with higher entropy, i.e., the token. Tokens typically
>   provide limited access rights and can be managed and revoked
>   separately from the user's long-term password.
>
>
>
>
>The file can be obtained via
>https://datatracker.ietf.org/doc/draft-ietf-kitten-sasl-oauth/
>
>IESG discussion can be tracked via
>https://datatracker.ietf.org/doc/draft-ietf-kitten-sasl-oauth/ballot/
>
>
>No IPR declarations have been submitted directly on this I-D.
>
>This defines a way to use the obsolete OAUTH1.0a mechanism
>as well as an OAUTH2 mechanism. That is deliberate and reasonable.
>
>_______________________________________________
>Kitten mailing list
>Kitten@ietf.org
>https://www.ietf.org/mailman/listinfo/kitten
>
>
>
>------------------------------
>
>Subject: Digest Footer
>
>_______________________________________________
>OAuth mailing list
>OAuth@ietf.org
>https://www.ietf.org/mailman/listinfo/oauth
>
>
>------------------------------
>
>End of OAuth Digest, Vol 78, Issue 31
>*************************************