Re: [OAUTH-WG] Security Considerations Suggestion

Mark Mcgloin <mark.mcgloin@ie.ibm.com> Thu, 11 November 2010 13:51 UTC

To: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
From: Mark Mcgloin <mark.mcgloin@ie.ibm.com>
Date: Thu, 11 Nov 2010 13:50:54 +0000
Cc: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>, oauth@ietf.org, oauth-bounces@ietf.org
Subject: Re: [OAUTH-WG] Security Considerations Suggestion

Hannes

Can you provide some context for this? How was that doc produced and what
was the input - I don't understand some of the format and it seems to
duplicate content from the core OAuth spec. Also, is the intention to have
a separate security considerations doc just like SAML?

http://docs.oasis-open.org/security/saml/v2.0/saml-sec-consider-2.0-os.pdf

Torsten and I have spent a good bit of time trawling through all the
security considerations, taking input from other docs like WRAP and
feedback from this forum to create the content for our doc - the first
version was very rough as we just wanted to add something before China.
Based on feedback from people like Richard Barnes and Anthony Nadalin, we
intend to rework it, but I just wanted to make sure I am not duplicating
effort.

Regards
Mark McGloin

oauth-bounces@ietf.org wrote on 11/11/2010 11:18:52:

> Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
> Sent by: oauth-bounces@ietf.org
>
> 11/11/2010 11:18
>
> To
>
> oauth@ietf.org
>
> cc
>
> Hannes Tschofenig <Hannes.Tschofenig@gmx.net>
>
> Subject
>
> [OAUTH-WG] Security Considerations Suggestion
>
> [attachment "OAuth_v2_security_proposal.docx" deleted by Mark
> Mcgloin/Ireland/IBM]