[OAUTH-WG] OAuth Milestone Update and Rechartering
Hannes Tschofenig <hannes.tschofenig@gmx.net> Thu, 08 May 2014 21:04 UTC
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B12401A0151 for <oauth@ietfa.amsl.com>; Thu, 8 May 2014 14:04:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.551
X-Spam-Level:
X-Spam-Status: No, score=-2.551 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.651, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dvZ4zM9IgiIR for <oauth@ietfa.amsl.com>; Thu, 8 May 2014 14:04:20 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) by ietfa.amsl.com (Postfix) with ESMTP id 11D2D1A0158 for <oauth@ietf.org>; Thu, 8 May 2014 14:04:08 -0700 (PDT)
Received: from [192.168.10.137] ([64.71.18.60]) by mail.gmx.com (mrgmx001) with ESMTPSA (Nemesis) id 0MSdNs-1WJ6qk38p2-00RUtk for <oauth@ietf.org>; Thu, 08 May 2014 23:04:03 +0200
Message-ID: <536BF140.5070106@gmx.net>
Date: Thu, 08 May 2014 23:04:00 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: "oauth@ietf.org" <oauth@ietf.org>
X-Enigmail-Version: 1.5.2
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="gOj8Fx7wwv3TIa2nE6AHCXAO9e8vqkR7h"
X-Provags-ID: V03:K0:OVYIGk2ykG+3G0xDMEmRYEG9hsWD3pnrOlb0tgALah7L9YH0MW8 px7C89rDazgQ+9kukCscyOsEJ2Qvz+le198sjnz7exe8+4qsEB8JrchM2tTjZkv9tMeNTWm vmvoSd7sYoMb+tJpVCoPjDZMZmBQtDbiQote1QTzbxZTsVqIDJXq1wk0zHmnqD7tmqx3Il8 pglxth9H2bNx4OpGOCzwg==
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/Jb99XHlMMlqdL9n1gn5NxvR5Mxw
Subject: [OAUTH-WG] OAuth Milestone Update and Rechartering
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 May 2014 21:04:23 -0000
Hi all, you might have seen that we pushed the assertion documents and the JWT documents to the IESG today. We have also updated the milestones on the OAuth WG page. This means that we can plan to pick up new work in the group. We have sent a request to Kathleen to change the milestone for the OAuth security mechanisms to use the proof-of-possession terminology. We also expect an updated version of the dynamic client registration spec incorporating last call feedback within about 2 weeks. We would like you to think about adding the following milestones to the charter as part of the re-chartering effort: ----- Nov 2014 Submit 'Token introspection' to the IESG for consideration as a Proposed Standard Starting point: <draft-richer-oauth-introspection-04> Jan 2015 Submit 'OAuth Authentication' to the IESG for consideration as a Proposed Standard Starting point: <draft-hunt-oauth-v2-user-a4c-01> Jan 2015 Submit 'Token Exchange' to the IESG for consideration as a Proposed Standard Starting point: <draft-jones-oauth-token-exchange-00> ----- We also updated the charter text to reflect the current situation. Here is the proposed text: ----- Charter for Working Group The Web Authorization (OAuth) protocol allows a user to grant a third-party Web site or application access to the user's protected resources, without necessarily revealing their long-term credentials, or even their identity. For example, a photo-sharing site that supports OAuth could allow its users to use a third-party printing Web site to print their private pictures, without allowing the printing site to gain full control of the user's account and without having the user share his or her photo-sharing sites' long-term credential with the printing site. The OAuth 2.0 protocol suite encompasses * a protocol for obtaining access tokens from an authorization server with the resource owner's consent, * protocols for presenting these access tokens to resource server for access to a protected resource, * guidance for securely using OAuth 2.0, * the ability to revoke access tokens, * standardized format for security tokens encoded in a JSON format (JSON Web Token, JWT), * ways of using assertions with OAuth, and * a dynamic client registration protocol. The working group also developed security schemes for presenting authorization tokens to access a protected resource. This led to the publication of the bearer token, as well as work that remains to be completed on proof-of-possession and token exchange. The ongoing standardization effort within the OAuth working group will focus on enhancing interoperability and functionality of OAuth deployments, such as a standard for a token introspection service and standards for additional security of OAuth requests. ----- Feedback appreciated. Ciao Hannes & Derek
- [OAUTH-WG] OAuth Milestone Update and Rechartering Hannes Tschofenig
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Brian Campbell
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Chuck Mortimore
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Phil Hunt
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Justin Richer
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Anthony Nadalin
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Bill Mills
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Chuck Mortimore
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Phil Hunt
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… George Fletcher
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Chuck Mortimore
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Phil Hunt
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Anil Saldhana
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Chuck Mortimore
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Paul Madsen
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… John Bradley
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Anthony Nadalin
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Anthony Nadalin
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… John Bradley
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Brian Campbell
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Chuck Mortimore
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Prateek Mishra
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Chuck Mortimore
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Phil Hunt
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Justin Richer
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Phil Hunt
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Justin Richer
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Phil Hunt
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Phil Hunt
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Justin Richer
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Phil Hunt
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Anthony Nadalin
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… John Bradley
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Phil Hunt
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Anthony Nadalin
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Anthony Nadalin
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… John Bradley
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… John Bradley
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Anthony Nadalin
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… John Bradley
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Phil Hunt
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Brian Campbell
- Re: [OAUTH-WG] OAuth Milestone Update and Rechart… Brian Campbell