Re: [OAUTH-WG] Call for agenda items

Dick Hardt <dick.hardt@gmail.com> Wed, 18 April 2018 14:29 UTC

Return-Path: <dick.hardt@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4CD7E126B72 for <oauth@ietfa.amsl.com>; Wed, 18 Apr 2018 07:29:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.999
X-Spam-Level:
X-Spam-Status: No, score=-0.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mzXhUfs7zL28 for <oauth@ietfa.amsl.com>; Wed, 18 Apr 2018 07:29:21 -0700 (PDT)
Received: from mail-pg0-x22b.google.com (mail-pg0-x22b.google.com [IPv6:2607:f8b0:400e:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4B0BC124F57 for <oauth@ietf.org>; Wed, 18 Apr 2018 07:29:21 -0700 (PDT)
Received: by mail-pg0-x22b.google.com with SMTP id j11so954017pgf.2 for <oauth@ietf.org>; Wed, 18 Apr 2018 07:29:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=tqKNf7TXGHNXIr2Bo0srMZ849pxFubgnxYGN4srctxA=; b=XoGhCvxD/L+LWTIJ8KMfNgUjdC/6nRPZNiEsJhYCV+BIt8A5wEj+9DGHoocqcPBcKe v+RBeWqjItj9FmMBCXQJywMqFL19coO3D+eN26Fqo0Tj7AxyOtmODl7yvfuksYQaueQ8 KWKP1jG8CaP1tXV3wEISGAFNznR9/ZUG57Su16ZG2fJCadPLGU72uQfP70JXd2RfRLW+ uoYL42qJvoWy8ohNGyUXOA+wm6oviBzNusnwUH8hP70SjdjAreH/o7rlT2n44jYFr3US LqbXfHfoYm8hdl/LEa08pLAQcLDLegs8wGe8yp++htT0CwrT0iKYzg+zothQQlLkTXjz SZ3w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=tqKNf7TXGHNXIr2Bo0srMZ849pxFubgnxYGN4srctxA=; b=DiUgkPp2TSwNOjofKsNlmqZoRSrhhMrXvDC4fdmHxD3rqEfa6NG8uvP04iSAkPNAS0 UY0I+CmCzHIOspfeFC6l8+Zo4zLsly0muVbSjU24ft05oau1vozJoQpMqjsdruUd5x8F o6dBgozADdeEMUdz/xJfF73MjPo+NgAUd+2VgAS+vXq37sLEtLsy7opbJN+f0xbhC4G7 G/mGUBKL5JXlQiFdOGbn79/f+uT+bhvbVVC6ANyp0uRYHU4waQ/XA7Oo+GsLnVm4LP74 mTWxf7tjWEMVXOH4wr/AeBu0vsfCVn+9X0HXMaB5KB3QcY+c4G2X5fKbDZHbaUHwqy1W aSYQ==
X-Gm-Message-State: ALQs6tC513MquzLjWGCJ58i4b/KBN8DikYtpxCR/Jo3wpn2Hwjdo0A9j IkdrAj3rQGHNa6vmWBQ7foHo00ZGowa61B+iWzc=
X-Google-Smtp-Source: AIpwx49lF29yEhcid4pXTR6L1dQ+oid0gW9oHJW3NTjOW3KHa7opvLYQzbJMphxTEoIFlck4AHsZnvyUb99bKnkLVY0=
X-Received: by 10.99.109.200 with SMTP id i191mr1865195pgc.291.1524061760512; Wed, 18 Apr 2018 07:29:20 -0700 (PDT)
MIME-Version: 1.0
References: <AM4PR0801MB270614990E501071CDB3A2F9FAE40@AM4PR0801MB2706.eurprd08.prod.outlook.com> <CAAP42hAy8iFHDa9hQxNMxytiWjf=MyrCDRzZ4MjvRq8xi0+Baw@mail.gmail.com> <CABzCy2DzJUL86MVTA9xL4Cpv4=ooZyZJ3N1QNS0QKvgr8DJHgA@mail.gmail.com> <CAGL6epLa0J0-JH8-cZX_WZ5Ztficz0_n+C9dOP80Gkbp_jvPFQ@mail.gmail.com> <CA+k3eCSVdUWu2Cz1N6tF_V1wVJS_+v8UudvWyosc9W6DLt9HkA@mail.gmail.com> <TY1PR01MB1054A105034F55F6B810D7C3F9D80@TY1PR01MB1054.jpnprd01.prod.outlook.com> <CAGL6epKe5rWdqCio9-feoMoNa11_H7s7HfHAM8GZ2r3gUhv02A@mail.gmail.com> <TY1PR01MB1054C1D6EBB6B6180E31F610F9DF0@TY1PR01MB1054.jpnprd01.prod.outlook.com> <CAD9ie-t+SH2Pc6iUCqJyzJeyMp2gjk1fm4kRRh2sOVjtUSsFBA@mail.gmail.com> <TY2PR01MB2297C4899D098F0B9341D84BF9B60@TY2PR01MB2297.jpnprd01.prod.outlook.com> <VI1PR0801MB2112BC38B8A4ADF9A8ABFC89FAB60@VI1PR0801MB2112.eurprd08.prod.outlook.com> <CAD9ie-tfxcFLY16bKwyiGVN0_GJgNe6Qq-eVi5_Un9+3w31a4g@mail.gmail.com> <VI1PR0801MB2112819E94AB2E3302B4F75DFAB60@VI1PR0801MB2112.eurprd08.prod.outlook.com>
In-Reply-To: <VI1PR0801MB2112819E94AB2E3302B4F75DFAB60@VI1PR0801MB2112.eurprd08.prod.outlook.com>
From: Dick Hardt <dick.hardt@gmail.com>
Date: Wed, 18 Apr 2018 14:29:08 +0000
Message-ID: <CAD9ie-u9-cPazQfF95X+_=mRKz-OxvZ60p-41KeiC3K88cojTA@mail.gmail.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: n-sakimura <n-sakimura@nri.co.jp>, oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="f403045c0500da047a056a2047ba"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/GM3NlxDwYdp7oH7ASFEcB22xNvs>
Subject: Re: [OAUTH-WG] Call for agenda items
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Apr 2018 14:29:24 -0000

The last interm meeting was not very productive. The value I got was that
it would be useful to see if Nat, Brian and I could coalesce.

On Wed, Apr 18, 2018 at 7:21 AM Hannes Tschofenig <Hannes.Tschofenig@arm.com>
wrote:

> Hi Dick,
>
>
>
> The value of a conference call as part of the OAuth working group is that
> you involve other interested parties to the discussion, and that you do not
> have to repeat your private conversations later again on the mailing list.
>
> That’s pretty convincing to me ;-)
>
>
>
> Ciao
>
> Hannes
>
>
>
>
>
> *From:* Dick Hardt [mailto:dick.hardt@gmail.com]
> *Sent:* 18 April 2018 16:15
> *To:* Hannes Tschofenig
> *Cc:* n-sakimura; oauth
>
>
> *Subject:* Re: [OAUTH-WG] Call for agenda items
>
>
>
> F2F side/author meeting at Montreal
>
> Ad hock author meeting call prior
>
>
>
> Unclear to me the value of a WG intern meeting
>
>
>
> On Wed, Apr 18, 2018 at 3:59 AM Hannes Tschofenig <
> Hannes.Tschofenig@arm.com> wrote:
>
> Hey guys,
>
>
>
> I am trying to find out what you are planning here.
>
>
>
> Are you talking about scheduling a side meeting at the next IETF meeting
> or a f2f meeting somewhere else?
>
>
>
> Rifaat and I had promised to schedule a conference call (virtual interim
> meeting) about distributed OAuth and we are targeting May. While holding a
> f2f interim meeting for OAuth is possible we have not discussed this so
> far.
>
>
>
> Ciao
> Hannes
>
>
>
> *From:* OAuth [mailto:oauth-bounces@ietf.org] *On Behalf Of *n-sakimura
> *Sent:* 18 April 2018 07:34
> *To:* Dick Hardt; n-sakimura
> *Cc:* oauth
>
>
> *Subject:* Re: [OAUTH-WG] Call for agenda items
>
>
>
> I support the idea. Adding to it, perhaps we can do an ad-hoc before
> Montreal so that we can come up with a combined draft.
>
>
>
> Nat Sakimura
>
> --
>
> PLEASE READ: This e-mail is confidential and intended for the named
> recipient only. If you are not an intended recipient, please notify the
> sender and delete this e-mail.
>
>
>
>
>
>
>
>
> ------------------------------
>
> *差出人**:* Dick Hardt <dick.hardt@gmail.com>
> *送信日時**:* 2018年4月18日 0:40:20
> *宛先**:* n-sakimura
> *CC:* Rifaat Shekh-Yusef; oauth
> *件名**:* Re: [OAUTH-WG] Call for agenda items
>
>
>
> ******************************************************************
> 本メールはフリーメールから届いています。標的型攻撃メールはフリーメ
> ールから届くことがありますのでご注意ください。身に覚えのないメール
> であれば添付ファイルやURLを開かず、以下に掲載されている手順に従っ
> て対応をお願いします。
>
> 共有情報>情報セキュリティトピックス>怪しいメールが届いたら
> または、
> NRI Group Security Portal>情報セキュリティトピックス
> >怪しいメールが届いたら
> ******************************************************************
>
> I'd like to coordinate a side meeting with Nat, Brian, myself and other
> interested parties in Montreal to discuss Distributed OAuth.
>
>
>
> If we have two meetings, I'd like a timeslot in the second to summarize
> the side meeting and discuss next steps (if any).
>
>
>
> Separately, I'd like a time slot for an update on Reciprocal OAuth.
>
>
>
> On Wed, Mar 7, 2018 at 5:52 PM, n-sakimura <n-sakimura@nri.co.jp> wrote:
>
> No, not really. I was thinking of more informal thing. The session is
> supposed to be Wednesday afternoon, so I was thinking that it might be a
> good idea to do a bit of recap among contributors to draw up a battle plan
> towards IETF 102.
>
>
>
> Nat
>
>
>
> *From:* Rifaat Shekh-Yusef [mailto:rifaat.ietf@gmail.com]
> *Sent:* Wednesday, March 07, 2018 9:22 PM
> *To:* n-sakimura <n-sakimura@nri.co.jp>
> *Cc:* Brian Campbell <bcampbell@pingidentity.com>; oauth <oauth@ietf.org>
>
>
> *Subject:* Re: [OAUTH-WG] Call for agenda items
>
>
>
> Nat,
>
>
>
> Are you asking for an interim meeting?
>
> We could schedule the Distributed OAuth discussion for the Wednesday
> meeting; that will give you guys sometime to discuss these face-to-face in
> London.
>
>
>
> Regards,
>
>  Rifaat
>
>
>
>
>
>
>
> On Wed, Mar 7, 2018 at 2:00 AM, n-sakimura <n-sakimura@nri.co.jp> wrote:
>
> Then let us do it. We need to put all the proposals on the table and
> strategize the design.
>
> Perhaps we need a side meeting as well.
>
>
>
> nat
>
>
>
> *From:* OAuth [mailto:oauth-bounces@ietf.org] *On Behalf Of *Brian
> Campbell
> *Sent:* Wednesday, March 07, 2018 1:31 AM
> *To:* Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
> *Cc:* oauth <oauth@ietf.org>
> *Subject:* Re: [OAUTH-WG] Call for agenda items
>
>
>
> I hadn't previously been planning on it but am happy to do so.
>
>
>
> On Tue, Mar 6, 2018 at 8:22 AM, Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
> wrote:
>
> Nat,
>
>
>
> During the interim meeting, 3 drafts mentioned in the context of *Distributed
> OAuth*:
>
>
>
> https://tools.ietf.org/html/draft-sakimura-oauth-meta-08
> <https://tools.ietf..org/html/draft-sakimura-oauth-meta-08>
>
> https://tools.ietf.org/html/draft-campbell-oauth-resource-indicators-02
> <https://tools.ietf..org/html/draft-campbell-oauth-resource-indicators-02>
>
> https://tools.ietf.org/html/draft-tschofenig-oauth-audience-00
> <https://tools.ietf..org/html/draft-tschofenig-oauth-audience-00>
>
>
>
>
>
> *Brian, Hannes,*
>
>
>
> Are you planning on presenting your documents?
>
>
>
> Regards,
>
>  Rifaat
>
>
>
>
>
>
>
>
>
>
>
>
>
> On Mon, Mar 5, 2018 at 8:09 PM, Nat Sakimura <sakimura@gmail.com> wrote:
>
> I would be interested in hearing that.
>
>
>
> Also, as part of "Distributed OAuth", can we do a bit of re-cap on some of
> the previous drafts on the similar topic as we discussed in the interim?
> i.e., Brian's draft (where is the link now?) and my draft (
> draft-sakimura-oauth-meta
> <https://tools.ietf.org/id/draft-sakimura-oauth-meta-08.txt>)?
>
>
>
> Best,
>
>
>
> Nat
>
>
>
> On Tue, Mar 6, 2018 at 3:30 AM William Denniss <wdenniss@google.com>
> wrote:
>
> Hannes & Rifaat,
>
>
> I would like the opportunity to present on OAuth 2.0 Incremental
> Authorization (draft-wdenniss-oauth-incremental-auth) [an update for which
> will be posted today] and "OAuth 2.0 Device Posture Signals"
> (draft-wdenniss-oauth-device-posture).
>
>
>
> I can also give an update on the status of Device Flow
> (draft-ietf-oauth-device-flow). I expect that to be short now that WGLC has
> concluded and the document has advanced.
>
>
>
> Little late to this thread and I see we already have 2 sessions in the
> draft agenda, but I'd like to add my support to keeping both sessions,
> there's always a lot to discuss and in the past we've been able to use any
> spare time to discuss the security topics of the day.
>
>
>
> Regards,
>
> William
>
>
>
>
>
>
>
> On Tue, Jan 30, 2018 at 4:40 AM Hannes Tschofenig <
> Hannes.Tschofenig@arm.com> wrote:
>
> Hi all,
>
>
>
> It is time already to think about the agenda for the next IETF meeting.
> Rifaat and I were wondering whether we need one or two sessions. We would
> like to make the decision based on the topics we will discuss. Below you
> can find a first version of the agenda with a few remarks. Let us know if
> you have comments or suggestions for additional agenda items.
>
>
>
> Ciao
> Hannes & Rifaat
>
>
>
> OAuth Agenda
>
> ------------
>
>
>
> - Welcome and Status Update  (Chairs)
>
>
>
>   * OAuth Security Workshop Report
>
>
>
>   * Documents in IESG processing
>
>      # draft-ietf-oauth-device-flow-07
>
>      # draft-ietf-oauth-discovery-08
>
>      # draft-ietf-oauth-jwsreq-15
>
>      # draft-ietf-oauth-token-exchange-11
>
>
>
>        Remark: Status updates only if needed.
>
>
>
> -  JSON Web Token Best Current Practices
>
>    # draft-ietf-oauth-jwt-bcp-00
>
>
>
>    Remark: We are lacking reviews on this document.
>
>    Most likely we will not get them during the f2f meeting
>
>    but rather by reaching out to individuals ahead of time.
>
>
>
> -  OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access
> Tokens
>
>    # draft-ietf-oauth-mtls-06
>
>
>
>    Remark: Could be completed by the time of the IETF meeting.
>
>
>
> - OAuth Security Topics
>
>   # draft-ietf-oauth-security-topics-04
>
>
>
>   Remark: We could do a consensus call on parts of the document soon.
>
>
>
> - OAuth 2.0 Token Binding
>
>   # draft-ietf-oauth-token-binding-05
>
>
>
>   Remark: Document is moving along but we are lacking implementations.
>
>
>
> - OAuth 2.0 Device Posture Signals
>
>   # draft-wdenniss-oauth-device-posture-01
>
>
>
>   Remark: Interest in the work but we are lacking content (maybe even
>
>   expertise in the group)
>
>
>
> - Reciprocal OAuth
>
>   # draft-hardt-oauth-mutual-02
>
>
>
>   Remark: We had a virtual interim meeting on this topic and there is
>
>   interest in this work and apparently no competing solutions. The plan
>
>   is to run a call for adoption once we are allowed to add a new milestone
>
>   to our charter.
>
>
>
> - Distributed OAuth
>
>   # draft-hardt-oauth-distributed-00
>
>
>
>   Remark: We had a virtual interim meeting on this topic and there is
>
>   interest in this work. Further work on the scope is needed.
>
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose the
> contents to any other person, use it for any purpose, or store or copy the
> information in any medium. Thank you.
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
> --
>
> Nat Sakimura
>
> Chairman of the Board, OpenID Foundation
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>
>
>
> *CONFIDENTIALITY NOTICE: This email may contain confidential and
> privileged material for the sole use of the intended recipient(s). Any
> review, use, distribution or disclosure by others is strictly prohibited.
> If you have received this communication in error, please notify the sender
> immediately by e-mail and delete the message and any file attachments from
> your computer. Thank you.*
>
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>
>
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose the
> contents to any other person, use it for any purpose, or store or copy the
> information in any medium. Thank you.
>
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose the
> contents to any other person, use it for any purpose, or store or copy the
> information in any medium. Thank you.
>