Re: [OAUTH-WG] OMA Liaison Has Arrived!
Barry Leiba <barryleiba@computer.org> Wed, 24 August 2011 12:31 UTC
Return-Path: <barryleiba.mailing.lists@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7324121F8785 for <oauth@ietfa.amsl.com>; Wed, 24 Aug 2011 05:31:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.031
X-Spam-Level:
X-Spam-Status: No, score=-103.031 tagged_above=-999 required=5 tests=[AWL=-0.054, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9OvQdqTV7YAD for <oauth@ietfa.amsl.com>; Wed, 24 Aug 2011 05:31:15 -0700 (PDT)
Received: from mail-yi0-f44.google.com (mail-yi0-f44.google.com [209.85.218.44]) by ietfa.amsl.com (Postfix) with ESMTP id C382121F8569 for <oauth@ietf.org>; Wed, 24 Aug 2011 05:31:15 -0700 (PDT)
Received: by yie12 with SMTP id 12so983394yie.31 for <oauth@ietf.org>; Wed, 24 Aug 2011 05:32:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type :content-transfer-encoding; bh=Q+t/T/fuIogkZj/x2ZsJ5QolA3TYHKsx4WY+WAcJ1UU=; b=egGbchYtz/3HamxmhMHURs4CRxiyHL2QdalEdx1et1Q/2hgBLZE/ZCXewyjIiP6J6+ 6e+BeKkl8P7b10du2CEMoJqx2+fjd8OJAndWk5900scHQH54qRSZ7S04YamEggKCVcXu F0Ur0vyO6uK2qoS2xGmSvXvHBgMnyyFhB1Zq8=
MIME-Version: 1.0
Received: by 10.146.50.16 with SMTP id x16mr5126645yax.29.1314189145985; Wed, 24 Aug 2011 05:32:25 -0700 (PDT)
Sender: barryleiba.mailing.lists@gmail.com
Received: by 10.147.181.13 with HTTP; Wed, 24 Aug 2011 05:32:25 -0700 (PDT)
In-Reply-To: <CAC4RtVCafc=sTUOZ0h7BtXZ2rmZGpZ5xRCrsP=0fHRh8kOF3Cg@mail.gmail.com>
References: <CAC4RtVCafc=sTUOZ0h7BtXZ2rmZGpZ5xRCrsP=0fHRh8kOF3Cg@mail.gmail.com>
Date: Wed, 24 Aug 2011 08:32:25 -0400
X-Google-Sender-Auth: CNSJVwZkhETU4eNBSrWpAnS1gV0
Message-ID: <CAC4RtVANUV3Q2=_j2tniZVo9xzSRArFsMg_j5Xa40ruEy3gbRw@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: oauth@ietf.org
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
Subject: Re: [OAUTH-WG] OMA Liaison Has Arrived!
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Aug 2011 12:31:16 -0000
On Mon, Aug 22, 2011 at 1:53 PM, Barry Leiba <barryleiba@computer.org> wrote: > I intend to add the following to the response to this item: > "The working group understands that client code needs to know whether > to use and decode percent-encoding. The issue is being discussed and > tracked, and will be resolved before the final version of the bearer > document is produced." For confirmation: Murray Kucherawy, our liaison to OMA, delivered our response yesterday (Tuesday, 23 August), and OMA has acknowledged it. They thank us for our prompt response. Barry, as chair > ----------------------------------------------------------------- > > The IETF OAuth working group thanks OMA ARC SEC for the liaison > statement titled "OAuth discovery and specification availability", > dated 18 July 2011. > > The OMA liaison statement asks the OAuth working group to address five > issues, and our answers are as follows: > > • Availability of the IETF OAuth specifications: especially > [draft-ietf-oauth-v2] and [draft-ietf-oauth-v2-bearer], and also > [draft-hammer-oauth-v2-mac-token], > [draft-lodderstedt-oauth-revocation] and [draft-recordon-oauth-v2-ux]. > > Answer: > The IETF cannot guarantee publication dates, but we can give some > best-guess timeframes. At this writing, draft-ietf-oauth-v2 and > draft-ietf-oauth-v2-bearer have completed Working Group last call and > are undergoing their final revisions before being sent to the IESG. > We expect the final versions of those documents to be in the RFC > Editor queue around the end of September, though it could be later if > issues come up in IETF-wide last call or during IESG evaluation. The > draft-hammer-oauth-v2-mac-token document has been replaced by > draft-ietf-oauth-v2-http-mac, which is a working group document. It > is likely to be in the RFC Editor queue by the end of the year. > > The remaining two documents are not working group documents, and the > working group can say nothing about their status. The OAuth working > group intends to revise its charter in the November timeframe, and > it's possible that one or both of those documents could be adopted by > the working group at that time, and we could have further information > about target publication dates then. > > • Availability of the OAuth Parameters Registry > > Answer: > The draft-ietf-oauth-v2 document establishes the OAuth Parameters > Registry (in section 11.2, as of draft version 20). The registry will > be available when the RFC is published, which will be some time after > the document goes into the RFC Editor queue, depending upon the RFC > Editor's load at the time. > > • IETF intent to specify an OAuth Discovery mechanism > > Answer: > There is interest among OAuth working group participants for > specifying such a mechanism, but the work is not in the current > charter. It will likely be considered during the aforementioned > charter update in (approximately) November. > > • Considerations that can help implementors decide about the type of > OAuth access token to deploy. > > Answer: > There is no current work planned, but documents with such > implementation advice might also be considered during the rechartering > discussion. > > • For bearer tokens: clarification whether the non-support of percent > encoding for scope-v element of WWW-Authenticate Response Header Field > grammar is intentional. > > Answer: > In the bearer token document (Section 2.4 of > draft-ietf-oauth-v2-bearer-08, "The WWW-Authenticate Response Header > Field"), the "scope-v" element is unambiguously defined to allow a > specific set of characters. That set of characters does permit, but > does not mandate, support for percent-encoding of characters. > > -----------------------------------------------------------------
- Re: [OAUTH-WG] OMA Liaison Has Arrived! Barry Leiba
- Re: [OAUTH-WG] OMA Liaison Has Arrived! Igor Faynberg
- Re: [OAUTH-WG] OMA Liaison Has Arrived! Lodderstedt, Torsten
- Re: [OAUTH-WG] OMA Liaison Has Arrived! scope-v Manger, James H
- Re: [OAUTH-WG] OMA Liaison Has Arrived! scope-v Barry Leiba
- Re: [OAUTH-WG] OMA Liaison Has Arrived! scope-v William J. Mills
- Re: [OAUTH-WG] OMA Liaison Has Arrived! scope-v Barry Leiba
- Re: [OAUTH-WG] OMA Liaison Has Arrived! Barry Leiba
- Re: [OAUTH-WG] OMA Liaison Has Arrived! Igor Faynberg