Re: [OAUTH-WG] OAuth Digest, Vol 78, Issue 31

"sooolooo.mm" <sooolooo.mm@gmail.com> Sat, 02 May 2015 10:36 UTC

Return-Path: <sooolooo.mm@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9AB2F1A1BE9 for <oauth@ietfa.amsl.com>; Sat, 2 May 2015 03:36:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Oc74kGcspRLF for <oauth@ietfa.amsl.com>; Sat, 2 May 2015 03:36:43 -0700 (PDT)
Received: from mail-wi0-x235.google.com (mail-wi0-x235.google.com [IPv6:2a00:1450:400c:c05::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 28CFC1A1B5B for <oauth@ietf.org>; Sat, 2 May 2015 03:36:43 -0700 (PDT)
Received: by widdi4 with SMTP id di4so74769684wid.0 for <oauth@ietf.org>; Sat, 02 May 2015 03:36:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:subject:message-id:from:to:mime-version:content-type :content-transfer-encoding; bh=F5E6/SepmU9UbRYWPWbgTfjs64YjV7uocqtBkMvomUM=; b=s2qrFnydjdh/1lluX6fdale21+mlZNoonWgFYieB/Gk95zBRLJpb+jZ2hmolm+YiqT SWxs9ot5Yavg7K5D6P/jnikNyxjGx+gRzbOiIMrxKON76QUQuIKKYqBkXg7wbCjO32LJ SLM2xymDsSUhA3+Oq3MaVSLNriEZsysVo+BD46EdCmvofY0tY4BM86bjrSNckZ5ZSTCF dqJoLDxnBaljZuESiVB0A5QcwEYr8uapbfeCEe+8zTrTc68oRJCHZ+lrysJJQn+qzhsw qL+yZSWzzmFZUdDWQkj09BqG8TzhgLD3MmIvHXpLOF3b4HIh0TDidACtp+mfJCwdR5Bz 8QJg==
X-Received: by 10.180.91.137 with SMTP id ce9mr3953080wib.76.1430563001908; Sat, 02 May 2015 03:36:41 -0700 (PDT)
Received: from [10.13.205.89] (ip-109-47-194-195.web.vodafone.de. [109.47.194.195]) by mx.google.com with ESMTPSA id fu2sm1819743wic.20.2015.05.02.03.36.36 for <oauth@ietf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 02 May 2015 03:36:41 -0700 (PDT)
Date: Sat, 02 May 2015 12:31:55 +0200
Message-ID: <b391828sjfd2b77s8rnbhfm5.1430562694962@email.android.com>
From: "sooolooo.mm" <sooolooo.mm@gmail.com>
To: oauth@ietf.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: base64
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/D7O7B2B9B1B8g645SCL2bk1P2HY>
Subject: Re: [OAUTH-WG] OAuth Digest, Vol 78, Issue 31
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 02 May 2015 10:36:45 -0000


oauth-request@ietf.org schrieb:

>Send OAuth mailing list submissions to
>	oauth@ietf.org
>
>To subscribe or unsubscribe via the World Wide Web, visit
>	https://www.ietf.org/mailman/listinfo/oauth
>or, via email, send a message with subject or body 'help' to
>	oauth-request@ietf.org
>
>You can reach the person managing the list at
>	oauth-owner@ietf.org
>
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of OAuth digest..."
>
>
>Today's Topics:
>
>   1. Fwd: Last Call: <draft-ietf-kitten-sasl-oauth-22.txt> (A set
>      of SASL Mechanisms for OAuth) to Proposed Standard (Benjamin Kaduk)
>
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Thu, 30 Apr 2015 14:37:35 -0400 (EDT)
>From: Benjamin Kaduk <kaduk@MIT.EDU>
>To: oauth@ietf.org
>Subject: [OAUTH-WG] Fwd: Last Call:
>	<draft-ietf-kitten-sasl-oauth-22.txt> (A set of SASL Mechanisms for
>	OAuth) to Proposed Standard
>Message-ID: <alpine.GSO.1.10.1504301434550.22210@multics.mit.edu>
>Content-Type: TEXT/PLAIN; charset=US-ASCII
>
>Hi all,
>
>I just wanted to call attention to this IETF Last Call; there were some
>changes since the -18 which is the last one that we sent to this list.
>
>-Ben
>
>---------- Forwarded message ----------
>Date: Thu, 30 Apr 2015 14:31:47 -0400
>From: The IESG <iesg-secretary@ietf.org>
>Reply-To: ietf@ietf.org
>To: IETF-Announce <ietf-announce@ietf.org>
>Cc: kitten@ietf.org
>Subject: [kitten] Last Call: <draft-ietf-kitten-sasl-oauth-22.txt> (A set of
>    SASL Mechanisms for OAuth) to Proposed Standard
>
>
>The IESG has received a request from the Common Authentication Technology
>Next Generation WG (kitten) to consider the following document:
>- 'A set of SASL Mechanisms for OAuth'
>  <draft-ietf-kitten-sasl-oauth-22.txt> as Proposed Standard
>
>The IESG plans to make a decision in the next few weeks, and solicits
>final comments on this action. Please send substantive comments to the
>ietf@ietf.org mailing lists by 2015-05-14. Exceptionally, comments may be
>sent to iesg@ietf.org instead. In either case, please retain the
>beginning of the Subject line to allow automated sorting.
>
>Abstract
>
>
>   OAuth enables a third-party application to obtain limited access to a
>   protected resource, either on behalf of a resource owner by
>   orchestrating an approval interaction, or by allowing the third-party
>   application to obtain access on its own behalf.
>
>   This document defines how an application client uses credentials
>   obtained via OAuth over the Simple Authentication and Security Layer
>   (SASL) to access a protected resource at a resource serve.  Thereby,
>   it enables schemes defined within the OAuth framework for non-HTTP-
>   based application protocols.
>
>   Clients typically store the user's long-term credential.  This does,
>   however, lead to significant security vulnerabilities, for example,
>   when such a credential leaks.  A significant benefit of OAuth for
>   usage in those clients is that the password is replaced by a shared
>   secret with higher entropy, i.e., the token.  Tokens typically
>   provide limited access rights and can be managed and revoked
>   separately from the user's long-term password.
>
>
>
>
>The file can be obtained via
>https://datatracker.ietf.org/doc/draft-ietf-kitten-sasl-oauth/
>
>IESG discussion can be tracked via
>https://datatracker.ietf.org/doc/draft-ietf-kitten-sasl-oauth/ballot/
>
>
>No IPR declarations have been submitted directly on this I-D.
>
>This defines a way to use the obsolete OAUTH1.0a mechanism
>as well an OAUTH2 mechanism. That is deliberate and reasonable.
>
>_______________________________________________
>Kitten mailing list
>Kitten@ietf.org
>https://www.ietf.org/mailman/listinfo/kitten
>
>
>
>------------------------------
>
>Subject: Digest Footer
>
>_______________________________________________
>OAuth mailing list
>OAuth@ietf.org
>https://www.ietf.org/mailman/listinfo/oauth
>
>
>------------------------------
>
>End of OAuth Digest, Vol 78, Issue 31
>*************************************