Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth Token Introspection" as an OAuth Working Group Item

Justin Richer <jricher@MIT.EDU> Wed, 30 July 2014 00:52 UTC

Message-ID: <53D841D3.6020505@mit.edu>
Date: Tue, 29 Jul 2014 20:52:35 -0400
From: Justin Richer <jricher@MIT.EDU>
To: Mike Jones <Michael.Jones@microsoft.com>, George Fletcher <gffletch@aol.com>, Phil Hunt <phil.hunt@oracle.com>, Thomas Broyer <t.broyer@gmail.com>
References: <53D6895F.4050104@gmx.net> <CAEayHEM+pqDqv1qx=Z-qhNuYM-s2cV0z=sQb_FAJaGwcLpq_rQ@mail.gmail.com> <20A36D56-D581-4EDE-9DEA-D3F9C48AD20B@oracle.com> <53D81F2C.2060700@aol.com> <4E1F6AAD24975D4BA5B16804296739439ADF77B2@TK5EX14MBXC293.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739439ADF77B2@TK5EX14MBXC293.redmond.corp.microsoft.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/JjqhM6VOrBAqF2z3okUVMSiWyWE
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth Token Introspection" as an OAuth Working Group Item

Reading through this thread, it appears very clear to me that the use 
cases are very well established by a number of existing implementers who 
want to work together to build a common standard. I see no reason to 
delay the work artificially by creating a use case document when such a 
vast array of understanding and interest already exists. Any use cases 
and explanations of applications are welcome to be added to the working 
group draft as it progresses.

  -- Justin


On 7/29/2014 8:16 PM, Mike Jones wrote:
>
> Did you consider standardizing the access token format within that 
> deployment so all the parties that needed to could understand it, 
> rather than requiring an extra round trip to an introspection endpoint so 
> as to be able to understand things about it?
>
> I realize that might or might not be practical in some cases, but I 
> haven't heard that alternative discussed, so I thought I'd bring it up.
>
> I also second Phil's comment that it would be good to understand the 
> use cases that this is intended to solve before embarking on a 
> particular solution path.
>
> -- Mike
>
> *From:* OAuth [mailto:oauth-bounces@ietf.org] *On Behalf Of* George Fletcher
> *Sent:* Tuesday, July 29, 2014 3:25 PM
> *To:* Phil Hunt; Thomas Broyer
> *Cc:* oauth@ietf.org
> *Subject:* Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth 
> Token Introspection" as an OAuth Working Group Item
>
> We also have a use case where the AS is provided by a partner and the 
> RS is provided by AOL. Being able to have a standardized way of 
> validating and getting data about the token from the AS would make our 
> implementation much simpler as we can use the same mechanism for all 
> Authorization Servers and not have to implement one off solutions for 
> each AS.
>
> Thanks,
> George
>
> On 7/28/14, 8:11 PM, Phil Hunt wrote:
>
>     Could we have some discussion on the interop cases?
>
>     Is it driven by scenarios where AS and resource are separate
>     domains? Or may this be only of interest to specific protocols
>     like UMA?
>
>     From a technique principle, the draft is important and sound. I am
>     just not there yet on the reasons for an interoperable standard.
>
>     Phil
>
>
>     On Jul 28, 2014, at 17:00, Thomas Broyer <t.broyer@gmail.com
>     <mailto:t.broyer@gmail.com>> wrote:
>
>         Yes. This spec is of special interest to the platform we're
>         building for http://www.oasis-eu.org/
>
>         On Mon, Jul 28, 2014 at 7:33 PM, Hannes Tschofenig
>         <hannes.tschofenig@gmx.net <mailto:hannes.tschofenig@gmx.net>>
>         wrote:
>
>         Hi all,
>
>         during the IETF #90 OAuth WG meeting, there was strong consensus in
>         adopting the "OAuth Token Introspection"
>         (draft-richer-oauth-introspection-06.txt) specification as an OAuth WG
>         work item.
>
>         We would now like to verify the outcome of this call for adoption on the
>         OAuth WG mailing list. Here is the link to the document:
>         http://datatracker.ietf.org/doc/draft-richer-oauth-introspection/
>
>         If you did not hum at the IETF 90 OAuth WG meeting, and have an opinion
>         as to the suitability of adopting this document as a WG work item,
>         please send mail to the OAuth WG list indicating your opinion (Yes/No).
>
>         The confirmation call for adoption will last until August 10, 2014. If
>         you have issues/edits/comments on the document, please send these
>         comments along to the list in your response to this Call for Adoption.
>
>         Ciao
>         Hannes & Derek
>
>
>         _______________________________________________
>         OAuth mailing list
>         OAuth@ietf.org <mailto:OAuth@ietf.org>
>         https://www.ietf.org/mailman/listinfo/oauth
>
>
>
>         -- 
>         Thomas Broyer
>         /tɔ.ma.bʁwa.je/ <http://xn--nna.ma.xn--bwa-xxb.je/>