Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-signed-http-request-00.txt

Bill Mills <wmills_92105@yahoo.com> Mon, 22 December 2014 16:21 UTC

Date: Mon, 22 Dec 2014 16:21:46 +0000
From: Bill Mills <wmills_92105@yahoo.com>
To: Justin Richer <jricher@mit.edu>, Sergey Beryozkin <sberyozkin@gmail.com>, "oauth@ietf.org" <oauth@ietf.org>
Message-ID: <1793186558.221941.1419265306540.JavaMail.yahoo@jws10621.mail.bf1.yahoo.com>
In-Reply-To: <0j3djshkn5mba4hl4yvgn6r6.1419251602904@email.android.com>
References: <0j3djshkn5mba4hl4yvgn6r6.1419251602904@email.android.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_221940_499890343.1419265306536"
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/Fbbrw1ea_sygxugikd1tTGZldZE
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-signed-http-request-00.txt

Did this get adopted as a WG item already and I missed it? 

     On Monday, December 22, 2014 4:33 AM, Justin Richer <jricher@mit.edu> wrote:
   

That's easy: any headers. That's why the signer specifies which ones. Would be good to have some guidance though, and examples.

-- Justin
/ Sent from my phone /

-------- Original message --------
From: Sergey Beryozkin <sberyozkin@gmail.com> 
Date: 12/22/2014 7:08 AM (GMT-05:00)
To: oauth@ietf.org 
Cc: 
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-signed-http-request-00.txt 

Hi Justin

I see a fair bit of interest toward this work now being shown from my 
colleagues; it would help if the next draft could clarify which HTTP 
headers can be signed, given that it is difficult to get hold of some of the HTTP 
headers typically created by a low-level HTTP transport component.

Thanks, Sergey

On 21/07/14 14:58, internet-drafts@ietf.org wrote:
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>   This draft is a work item of the Web Authorization Protocol Working Group of the IETF.
>
>          Title           : A Method for Signing an HTTP Requests for OAuth
>          Authors         : Justin Richer
>                            John Bradley
>                            Hannes Tschofenig
>          Filename        : draft-ietf-oauth-signed-http-request-00.txt
>          Pages           : 11
>          Date            : 2014-07-21
>
> Abstract:
>     This document a method for offering data origin authentication and
>     integrity protection of HTTP requests.  To convey the relevant data
>     items in the request a JSON-based encapsulation is used and the JSON
>     Web Signature (JWS) technique is re-used.  JWS offers integrity
>     protection using symmetric as well as asymmetric cryptography.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-signed-http-request/
>
> There's also a htmlized version available at:
> http://tools.ietf.org/html/draft-ietf-oauth-signed-http-request-00
>
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
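
An added example, not part of the thread and not code from the draft or its authors: a simplified sketch of the point discussed above, where the signer lists the headers it covers so that headers added later by the HTTP transport do not affect verification. The payload member names (`m`, `u`, `h`), the HS256 layout, the key and the sample request are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def header_hash(headers: dict, names: list) -> str:
    # Only the headers the signer listed are hashed, in the signer's order.
    lowered = {k.lower(): v.strip() for k, v in headers.items()}
    lines = "\n".join(f"{n}: {lowered[n]}" for n in names)  # KeyError if one is missing
    return b64u(hashlib.sha256(lines.encode()).digest())

def sign_request(key, method, url, headers, covered) -> str:
    names = [n.lower() for n in covered]
    payload = {"m": method, "u": url, "h": [names, header_hash(headers, names)]}
    signing_input = ".".join(b64u(json.dumps(part).encode())
                             for part in ({"alg": "HS256"}, payload))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64u(sig)}"

def verify_request(key, token, method, url, headers) -> bool:
    try:
        head, body, sig = token.split(".")
        # The algorithm is pinned to HMAC-SHA256 here, never read from the token.
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(b64u(expected), sig):
            return False
        payload = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
        names, digest = payload["h"]
        return (payload["m"] == method and payload["u"] == url
                and hmac.compare_digest(header_hash(headers, names), digest))
    except (ValueError, KeyError, TypeError, AttributeError):
        return False

# Constructed sample data (not from the thread).
KEY = b"constructed-demo-key"
URL = "https://rs.example/api"
APP_HEADERS = {"Content-Type": "application/json", "Accept": "application/json"}
TOKEN = sign_request(KEY, "POST", URL, APP_HEADERS, ["Content-Type", "Accept"])
# What the server sees once the transport layer has added its own headers.
WIRE = {**APP_HEADERS, "Host": "rs.example", "Content-Length": "17"}

if __name__ == "__main__":
    print(verify_request(KEY, TOKEN, "POST", URL, WIRE))  # transport headers not covered
    print(verify_request(KEY, TOKEN, "POST", URL, {**WIRE, "Accept": "*/*"}))  # covered header changed
```

A header that is not in the signed list is not integrity protected, so the verifier should only trust values of headers that appear in the list.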
