Re: [OAUTH-WG] Dynamic Client Registration Conference Call: Thu 22 Aug, 2pm PDT

Phil Hunt <phil.hunt@oracle.com> Mon, 19 August 2013 00:16 UTC


I think we should start by reviewing use cases taxonomy. 

Then a discussion on any client_id assumptions and actual requirements for each client case. Why is registration needed for each case?

The statement can solve some complication but should be put in context of use cases. 

Phil

On 2013-08-18, at 15:01, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:

> Based on your feedback via the poll let us start with August 22nd with the first conference call. I will distribute the conference call details on Tuesday. 
> 
> Let us talk about the agenda. There were several items brought up in discussions, namely 
> 
> * Software assertions / software statements
> 
> We briefly discussed this topic at the IETF OAuth session but we may need more time to understand the implications for the current dynamic client registration document: 
> http://www.ietf.org/proceedings/87/slides/slides-87-oauth-2.pptx
> 
> * SCIM vs. current dynamic client registration approach for interacting with the client configuration endpoint
> 
> In the past we said that it would be fine to have a profile defined in SCIM to provide the dynamic client registration for those who implement SCIM and want to manage clients also using SCIM. It might, however, be useful to compare the two approaches in detail to see what the differences are. 
> 
> * Interactions with the client registration endpoint 
> 
> Justin added some "life cycle" description to the document to motivate some of the design decisions. Maybe we need to discuss those in more detail and add further text. 
> Additional text could come from the NIST Blue Button / Green Button usage. 
> 
> * Aspects that allow servers to store less / no state
> 
> From the discussions on the list it was not clear whether this is actually accomplishable with the current version of OAuth. We could explore this new requirement and try to get a better understanding how much this relates to dynamic client registration and to what extent it requires changes to the core spec.
> 
> 
> What would you like to start with? Other topics you would like to bring up? 