Re: [OAUTH-WG] OAuth WG Re-Chartering
John Bradley <ve7jtb@ve7jtb.com> Wed, 21 March 2012 19:53 UTC
Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D986221E80F3 for <oauth@ietfa.amsl.com>; Wed, 21 Mar 2012 12:53:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.207
X-Spam-Level:
X-Spam-Status: No, score=-3.207 tagged_above=-999 required=5 tests=[AWL=0.392, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CTvo4A+uN3SV for <oauth@ietfa.amsl.com>; Wed, 21 Mar 2012 12:53:16 -0700 (PDT)
Received: from mail-gy0-f172.google.com (mail-gy0-f172.google.com [209.85.160.172]) by ietfa.amsl.com (Postfix) with ESMTP id EB4C021E80F0 for <oauth@ietf.org>; Wed, 21 Mar 2012 12:53:15 -0700 (PDT)
Received: by ghbg16 with SMTP id g16so1437645ghb.31 for <oauth@ietf.org>; Wed, 21 Mar 2012 12:53:14 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=subject:mime-version:content-type:from:in-reply-to:date:cc :message-id:references:to:x-mailer:x-gm-message-state; bh=YQxPbFvXBneHXskrOC1au4DDpHSAdg9RtANGd4sy0y8=; b=aC+vv1TFUUMubkcisDfG5KN8FK99cL4NyIP+R8AkR57LLUIpk8XAhZn2845LrVLjdk 9Snz8vvzbIPL4Inn0FJXV875gDAuPVJHdQ526m+1Um9KMd0xVEjlYdqKxJVloQ6/XdlF 5Pyp99HKA2q/Pu693R7X4q0lL+xXs5oVLfpyElhV9C3rF4rcFdx4DqskC0Y6a2PGmClG t9CGOqCy8gx4dJdWTcj8WOFdR6rP4n8zS2xOljvyDS67J0sySK1LY6DtNE7qmkQCtZgJ P3EpYoNrmQZkpvY6N+LeNTwQA5rbM1zx77wR0rNu+GN2bWW5pTeAywr2nS/QnXGBI6nQ dcTQ==
Received: by 10.236.153.104 with SMTP id e68mr5255080yhk.74.1332359594013; Wed, 21 Mar 2012 12:53:14 -0700 (PDT)
Received: from [192.168.1.213] (190-20-62-179.baf.movistar.cl. [190.20.62.179]) by mx.google.com with ESMTPS id d25sm6998311yhe.4.2012.03.21.12.52.59 (version=TLSv1/SSLv3 cipher=OTHER); Wed, 21 Mar 2012 12:53:12 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1257)
Content-Type: multipart/signed; boundary="Apple-Mail=_AC7EC563-3C6C-445B-BE61-9667F6FB26CA"; protocol="application/pkcs7-signature"; micalg="sha1"
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <4F6A2D9E.3050503@lodderstedt.net>
Date: Wed, 21 Mar 2012 16:52:34 -0300
Message-Id: <9E23B8E0-057F-42C1-807D-36F35690C7B2@ve7jtb.com>
References: <B327D847-B059-41D7-A468-8B8A5DB8BFCE@gmx.net> <CAAz=scnGaFzNNHv1xEQa0hCiA2gup_J_86HyzCnd7P0YTqfFxw@mail.gmail.com> <999913AB42CC9341B05A99BBF358718D01382ADC@FIESEXC035.nsn-intra.net> <90C41DD21FB7C64BB94121FBBC2E723453AFF089FE@P3PW5EX1MB01.EX1.SECURESERVER.NET> <4F6A2D9E.3050503@lodderstedt.net>
To: Torsten Lodderstedt <torsten@lodderstedt.net>
X-Mailer: Apple Mail (2.1257)
X-Gm-Message-State: ALoCoQnWhqcTx2JzPt7WLH49V1Okl7Wz0W0Em70hKJ5VE4yHT1STeW0fcaexjSG1EmivKNF++HUO
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Mar 2012 19:53:17 -0000
I don't think dynamic registration completely removes the need for a public client, that can't keep secrets. While we did do dynamic client registration for Connect that is a more constrained use case. I would put JWT and AS-RS communication as higher priorities than dynamic registration. Partially because they are more self contained issues. John B. On 2012-03-21, at 4:35 PM, Torsten Lodderstedt wrote: > In my opinion, dynamic client registration would allow us to drop public client thus simplifying the core spec. > > regards, > Torsten. > > Am 15.03.2012 16:00, schrieb Eran Hammer: >> I believe most do, except for the dynamic client registration. I don't have strong objections to it, but it is the least important and least defined / deployed proposal on the list. The AS->RS work is probably simpler and more useful at this point. >> >> EH >> >>> -----Original Message----- >>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf >>> Of Tschofenig, Hannes (NSN - FI/Espoo) >>> Sent: Thursday, March 15, 2012 4:47 AM >>> To: ext Blaine Cook; Hannes Tschofenig >>> Cc: oauth@ietf.org >>> Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering >>> >>> Hi Blaine, >>> >>> These are indeed good requirements you stated below. >>> >>> When you look at the list of topics do you think that the proposed items >>> indeed fulfill them? >>> >>> Ciao >>> Hannes >>> >>> >>>> -----Original Message----- >>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf >>>> Of ext Blaine Cook >>>> Sent: Thursday, March 15, 2012 1:31 PM >>>> To: Hannes Tschofenig >>>> Cc: oauth@ietf.org WG >>>> Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering >>>> >>>> On 14 March 2012 20:21, Hannes Tschofenig >>> <hannes.tschofenig@gmx.net> >>>> wrote: >>>>> So, here is a proposal: >>>>> >>>>> [Editor's Note: New work for the group. 5 items maximum! ] >>>>> >>>>> Aug. 2012 Submit 'Token Revocation' to the IESG for consideration >>>> as a Proposed Standard >>>>> Nov. 2012 Submit 'JSON Web Token (JWT)' to the IESG for >>>> consideration as a Proposed Standard >>>>> Nov. 2012 Submit 'JSON Web Token (JWT) Bearer Token Profiles for >>>> OAuth 2.0' to the IESG for consideration >>>>> Jan. 2013 Submit 'OAuth Dynamic Client Registration Protocol' to >>>> the IESG for consideration as a Proposed Standard >>>>> Sep. 2012 Submit 'OAuth Use Cases' to the IESG for consideration >>>> as an Informational RFC >>>> >>>> This looks great to me. >>>> >>>> I have serious concerns about feature-creep, and think that the OAuth >>>> WG should strongly limit its purview to these issues. In general, I >>>> think it prudent for this working group in particular to consider >>>> standardisation of work only under the following criteria: >>>> >>>> 1. Proposals must have a direct relationship to the mechanism of OAuth >>>> (and not, specifically, bound to an application-level protocol). >>>> 2. Proposals must have significant adoption in both enterprise and >>>> startup environments. >>>> 3. Any proposal must be driven based on a consideration of the >>>> different approaches, as adopted in the wild, and strive to be a >>>> better synthesis of those approaches, not a means to an end. >>>> >>>> These are the constraints with which I started the OAuth project, and >>>> they're more relevant than ever. I'd hate to see OAuth fail in the end >>>> because of a WS-*-like death by standards-pile-on. >>>> >>>> b. >>>> _______________________________________________ >>>> OAuth mailing list >>>> OAuth@ietf.org >>>> https://www.ietf.org/mailman/listinfo/oauth >>> _______________________________________________ >>> OAuth mailing list >>> OAuth@ietf.org >>> https://www.ietf.org/mailman/listinfo/oauth >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] OAuth WG Re-Chartering Hannes Tschofenig
- Re: [OAUTH-WG] OAuth WG Re-Chartering Igor Faynberg
- Re: [OAUTH-WG] OAuth WG Re-Chartering Eran Hammer
- Re: [OAUTH-WG] OAuth WG Re-Chartering Richer, Justin P.
- Re: [OAUTH-WG] OAuth WG Re-Chartering Mike Jones
- Re: [OAUTH-WG] OAuth WG Re-Chartering Eran Hammer
- Re: [OAUTH-WG] OAuth WG Re-Chartering Richer, Justin P.
- Re: [OAUTH-WG] OAuth WG Re-Chartering Eran Hammer
- Re: [OAUTH-WG] OAuth WG Re-Chartering Anthony Nadalin
- Re: [OAUTH-WG] OAuth WG Re-Chartering Eran Hammer
- Re: [OAUTH-WG] OAuth WG Re-Chartering Nat Sakimura
- Re: [OAUTH-WG] OAuth WG Re-Chartering Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [OAUTH-WG] OAuth WG Re-Chartering Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [OAUTH-WG] OAuth WG Re-Chartering Paul Madsen
- Re: [OAUTH-WG] OAuth WG Re-Chartering John Bradley
- Re: [OAUTH-WG] OAuth WG Re-Chartering Paul Madsen
- Re: [OAUTH-WG] OAuth WG Re-Chartering Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [OAUTH-WG] OAuth WG Re-Chartering John Bradley
- Re: [OAUTH-WG] OAuth WG Re-Chartering Blaine Cook
- Re: [OAUTH-WG] OAuth WG Re-Chartering Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [OAUTH-WG] OAuth WG Re-Chartering Paul Madsen
- Re: [OAUTH-WG] OAuth WG Re-Chartering Richer, Justin P.
- Re: [OAUTH-WG] OAuth WG Re-Chartering Paul Madsen
- Re: [OAUTH-WG] OAuth WG Re-Chartering Eran Hammer
- Re: [OAUTH-WG] OAuth WG Re-Chartering Zeltsan, Zachary (Zachary)
- Re: [OAUTH-WG] OAuth WG Re-Chartering Mike Jones
- Re: [OAUTH-WG] OAuth WG Re-Chartering Blaine Cook
- Re: [OAUTH-WG] OAuth WG Re-Chartering John Bradley
- Re: [OAUTH-WG] OAuth WG Re-Chartering Phil Hunt
- Re: [OAUTH-WG] OAuth WG Re-Chartering John Bradley
- Re: [OAUTH-WG] OAuth WG Re-Chartering Torsten Lodderstedt
- Re: [OAUTH-WG] OAuth WG Re-Chartering Torsten Lodderstedt
- Re: [OAUTH-WG] OAuth WG Re-Chartering Torsten Lodderstedt
- Re: [OAUTH-WG] OAuth WG Re-Chartering John Bradley
- Re: [OAUTH-WG] OAuth WG Re-Chartering Eran Hammer
- Re: [OAUTH-WG] OAuth WG Re-Chartering George Fletcher
- Re: [OAUTH-WG] OAuth WG Re-Chartering Torsten Lodderstedt
- Re: [OAUTH-WG] OAuth WG Re-Chartering Torsten Lodderstedt
- Re: [OAUTH-WG] OAuth WG Re-Chartering John Bradley
- Re: [OAUTH-WG] OAuth WG Re-Chartering George Fletcher
- Re: [OAUTH-WG] OAuth WG Re-Chartering Mike Jones
- Re: [OAUTH-WG] OAuth WG Re-Chartering Phil Hunt
- Re: [OAUTH-WG] OAuth WG Re-Chartering Eran Hammer
- Re: [OAUTH-WG] OAuth WG Re-Chartering John Bradley
- Re: [OAUTH-WG] OAuth WG Re-Chartering Phil Hunt
- Re: [OAUTH-WG] OAuth WG Re-Chartering Mike Jones
- Re: [OAUTH-WG] OAuth WG Re-Chartering Justin Richer
- Re: [OAUTH-WG] OAuth WG Re-Chartering Phil Hunt