[OAUTH-WG] draft-hunt-oauth-software-statement-00

Hannes Tschofenig <hannes.tschofenig@gmx.net> Fri, 01 November 2013 19:13 UTC

Hi Phil, Hi Tony, Hi all,

regarding this document I believe there are the following questions the 
group may want to think about:

a) Is the lifecycle of software development (Figure 1) common across 
several companies?

b) The document defines a number of attributes. Are those attributes 
also used in other deployments? Are their semantics clearly defined so 
that meaningful actions can be taken when receiving those?

c) Is the proposed approach for conveying the software statement 
acceptable for the group?
(currently the information is conveyed as a bearer token encoded as JWT).

What would be good to have is two things:

  * Examples

  * Text that describes what decisions can be made by the introduction 
of the software assertions. This text could go into the introduction to 
provide a motivation about why to use it.