Re: [OAUTH-WG] Info on how to implement a server

Dick Hardt <dick.hardt@gmail.com> Sun, 18 August 2019 21:08 UTC

From: Dick Hardt <dick.hardt@gmail.com>
Date: Sun, 18 Aug 2019 14:08:32 -0700
To: "Salz, Rich" <rsalz@akamai.com>
Cc: Hans Zandbelt <hans.zandbelt@zmartzone.eu>, John Bradley <ve7jtb@ve7jtb.com>, "oauth@ietf.org" <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/FztNo2KpnTAQLdieTC3lMZJC0GU>

That sounds like a means to an end.

Do you want to enable applications to call datatracker APIs?

On Sun, Aug 18, 2019 at 2:05 PM Salz, Rich <rsalz@akamai.com> wrote:

> As I said at the start of the thread: I want to add OAUTH support to the
> datatracker.
>
>
>
> *From: *Dick Hardt <dick.hardt@gmail.com>
> *Date: *Sunday, August 18, 2019 at 4:47 PM
> *To: *Rich Salz <rsalz@akamai.com>
> *Cc: *Hans Zandbelt <hans.zandbelt@zmartzone.eu>, John Bradley <ve7jtb@ve7jtb.com>, "oauth@ietf.org" <oauth@ietf.org>
> *Subject: *Re: [OAUTH-WG] Info on how to implement a server
>
>
>
> What is the goal?
>
>
>
> On Sun, Aug 18, 2019 at 12:41 PM Salz, Rich <rsalz@akamai.com> wrote:
>
> Thanks for the links, folks.  I’m aware, and sorry for my sloppy
> terminology.
>
>
>
> Imagine a service where anyone with a valid identity is authorized. There
> are many of these on the net. Collapsing authentication to authorization
> (“everyone authenticated is authorized”) seems not unreasonable.
>
>
>
> But I don’t want to get distracted from my main goal.  Thanks.
>
>
>
> *From: *Hans Zandbelt <hans.zandbelt@zmartzone.eu>
> *Date: *Saturday, August 17, 2019 at 2:34 PM
> *To: *John Bradley <ve7jtb@ve7jtb.com>
> *Cc: *"oauth@ietf.org" <oauth@ietf.org>
> *Subject: *Re: [OAUTH-WG] Info on how to implement a server
>
>
>
> indeed OAuth != identity see https://oauth.net/articles/authentication/
>
>
>
> Hans.
>
>
>
> On Sat, Aug 17, 2019 at 8:31 PM John Bradley <ve7jtb@ve7jtb.com> wrote:
>
> The OpenID Connect kind of OAuth server.
>
> OAuth on its own is not designed to be secure for identity federation.
>
> John B.
>
> On 8/17/2019 1:23 PM, Salz, Rich wrote:
>
> What’s the WG consensus (heh) on the best guide to adding OAUTH support to
> an existing server so that it can act as an identity provider?  Which
> version of oauth is most widely deployed by relying parties these days?
>
>
>
> I want to add OAUTH support to the IETF datatracker.
>
>
>
> Thanks for any pointers.  Replies to me will be summarized for the list.
>
>
>
>                 /r$
>
>
>
>
>
> _______________________________________________
>
> OAuth mailing list
>
> OAuth@ietf.org
>
> https://www.ietf.org/mailman/listinfo/oauth
>
>
> --
>
> hans.zandbelt@zmartzone.eu
>
> ZmartZone IAM - www.zmartzone.eu