Re: [OAUTH-WG] Draft -12 feedback deadline
Phil Hunt <phil.hunt@oracle.com> Wed, 16 February 2011 17:00 UTC
Return-Path: <phil.hunt@oracle.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D28AD3A6CD0 for <oauth@core3.amsl.com>; Wed, 16 Feb 2011 09:00:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.482
X-Spam-Level:
X-Spam-Status: No, score=-6.482 tagged_above=-999 required=5 tests=[AWL=0.117, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cnY0ZDtvLlB8 for <oauth@core3.amsl.com>; Wed, 16 Feb 2011 09:00:17 -0800 (PST)
Received: from rcsinet10.oracle.com (rcsinet10.oracle.com [148.87.113.121]) by core3.amsl.com (Postfix) with ESMTP id 2B4B33A6EA5 for <oauth@ietf.org>; Wed, 16 Feb 2011 09:00:17 -0800 (PST)
Received: from acsinet15.oracle.com (acsinet15.oracle.com [141.146.126.227]) by rcsinet10.oracle.com (Switch-3.4.2/Switch-3.4.2) with ESMTP id p1GH0eri026584 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Wed, 16 Feb 2011 17:00:42 GMT
Received: from acsmt355.oracle.com (acsmt355.oracle.com [141.146.40.155]) by acsinet15.oracle.com (Switch-3.4.2/Switch-3.4.1) with ESMTP id p1GEnU2L023467; Wed, 16 Feb 2011 17:00:38 GMT
Received: from abhmt001.oracle.com by acsmt355.oracle.com with ESMTP id 1060469091297875636; Wed, 16 Feb 2011 09:00:36 -0800
Received: from [192.168.1.8] (/24.85.235.164) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 16 Feb 2011 09:00:35 -0800
Mime-Version: 1.0 (Apple Message framework v1082)
Content-Type: text/plain; charset="us-ascii"
From: Phil Hunt <phil.hunt@oracle.com>
In-Reply-To: <90C41DD21FB7C64BB94121FBBC2E723445A91D3ED3@P3PW5EX1MB01.EX1.SECURESERVER.NET>
Date: Wed, 16 Feb 2011 09:00:32 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <316BD51B-625D-49B2-9DB8-3368C8A01E29@oracle.com>
References: <90C41DD21FB7C64BB94121FBBC2E723445A8D6254D@P3PW5EX1MB01.EX1.SECURESERVER.NET> <AANLkTinMjQW26mLkoN7oMdLWLGAHp0_O9LbVi13RpMJB@mail.gmail.com> <90C41DD21FB7C64BB94121FBBC2E723445A91D3ED3@P3PW5EX1MB01.EX1.SECURESERVER.NET>
To: Eran Hammer-Lahav <eran@hueniverse.com>
X-Mailer: Apple Mail (2.1082)
X-Source-IP: acsmt355.oracle.com [141.146.40.155]
X-Auth-Type: Internal IP
X-CT-RefId: str=0001.0A090205.4D5C02B7.0201:SCFMA4539814,ss=1,fgs=0
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Draft -12 feedback deadline
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Feb 2011 17:00:20 -0000
Re: 4.3. This could be something to put in security considerations. Since there will be reasonable cases where for example a password hash is retained. And as indicated by Eran, this is a best practice rather then an inter-op issue. Phil phil.hunt@oracle.com On 2011-02-16, at 8:34 AM, Eran Hammer-Lahav wrote: > > >> -----Original Message----- >> From: Marius Scurtescu [mailto:mscurtescu@google.com] >> Sent: Wednesday, January 26, 2011 12:09 PM > >> - 4.3. Resource Owner Password Credentials. The 3rd paragraph states that >> the client MUST discard the credentials once it obtains an access token. I >> think it SHOULD discard once it obtains a *refresh* token. > > Since this MUST cannot be confirmed, it serves as a community educational tool more than anything else. I rather leave it without conditions. > >> - 4.5. Extensions. For new grant types, we are not using a registry. Is that OK? > > No need. The registry is only to prevent name collisions and since we are using URIs, they already have built-in namespaces. > >> - 5.2. Error Response. The fist part of the first paragraph talks about 401 and >> client credentials in the Authorization header. Since this was dropped from >> core, this looks strange. > > This is specific to client authentication, not grant verification or protected resources. I'll clarify. > > EHL > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] Draft -12 feedback deadline Eran Hammer-Lahav
- Re: [OAUTH-WG] Draft -12 feedback deadline Marius Scurtescu
- Re: [OAUTH-WG] Draft -12 feedback deadline Skylar Woodward
- Re: [OAUTH-WG] Draft -12 feedback deadline Richer, Justin P.
- Re: [OAUTH-WG] Draft -12 feedback deadline Eran Hammer-Lahav
- Re: [OAUTH-WG] Draft -12 feedback deadline Phil Hunt
- Re: [OAUTH-WG] Draft -12 feedback deadline Eran Hammer-Lahav
- Re: [OAUTH-WG] Draft -12 feedback deadline Eran Hammer-Lahav
- Re: [OAUTH-WG] Draft -12 feedback deadline Marius Scurtescu
- Re: [OAUTH-WG] Draft -12 feedback deadline Eran Hammer-Lahav
- Re: [OAUTH-WG] Draft -12 feedback deadline Eran Hammer-Lahav
- Re: [OAUTH-WG] Draft -12 feedback deadline Marius Scurtescu
- Re: [OAUTH-WG] Draft -12 feedback deadline Eran Hammer-Lahav
- Re: [OAUTH-WG] Draft -12 feedback deadline William Mills
- Re: [OAUTH-WG] Draft -12 feedback deadline Marius Scurtescu
- Re: [OAUTH-WG] Draft -12 feedback deadline Brian Campbell
- Re: [OAUTH-WG] Draft -12 feedback deadline Justin Richer
- Re: [OAUTH-WG] Draft -12 feedback deadline Eran Hammer-Lahav
- Re: [OAUTH-WG] Draft -12 feedback deadline Marius Scurtescu
- Re: [OAUTH-WG] Draft -12 feedback deadline Eran Hammer-Lahav
- Re: [OAUTH-WG] Draft -12 feedback deadline Mark Mcgloin
- Re: [OAUTH-WG] Draft -12 feedback deadline Marius Scurtescu
- Re: [OAUTH-WG] Draft -12 feedback deadline Torsten Lodderstedt
- Re: [OAUTH-WG] Draft -12 feedback deadline Igor Faynberg
- Re: [OAUTH-WG] Draft -12 feedback deadline Marius Scurtescu
- Re: [OAUTH-WG] Draft -12 feedback deadline Phil Hunt
- Re: [OAUTH-WG] Draft -12 feedback deadline Igor Faynberg
- Re: [OAUTH-WG] Draft -12 feedback deadline Eran Hammer-Lahav
- Re: [OAUTH-WG] Draft -12 feedback deadline Skylar Woodward
- Re: [OAUTH-WG] Draft -12 feedback deadline Torsten Lodderstedt