Re: [OAUTH-WG] Call for agenda items

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Wed, 18 April 2018 19:44 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Dick Hardt <dick.hardt@gmail.com>
CC: n-sakimura <n-sakimura@nri.co.jp>, oauth <oauth@ietf.org>
Date: Wed, 18 Apr 2018 19:44:43 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/KPSA7RXde09yI7cQhRCQQnLtAQs>
Subject: Re: [OAUTH-WG] Call for agenda items

Rifaat and I are also OK with not having to organize a conference call on that topic if you and the group think that no such meeting is necessary.

From: Dick Hardt [mailto:dick.hardt@gmail.com]
Sent: 18 April 2018 16:29
To: Hannes Tschofenig
Cc: n-sakimura; oauth
Subject: Re: [OAUTH-WG] Call for agenda items

The last interim meeting was not very productive. The value I got was that it would be useful to see if Nat, Brian and I could coalesce.

On Wed, Apr 18, 2018 at 7:21 AM Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
Hi Dick,

The value of a conference call as part of the OAuth working group is that you involve other interested parties to the discussion, and that you do not have to repeat your private conversations later again on the mailing list.
That’s pretty convincing to me ;-)

Ciao
Hannes


From: Dick Hardt [mailto:dick.hardt@gmail.com]
Sent: 18 April 2018 16:15
To: Hannes Tschofenig
Cc: n-sakimura; oauth

Subject: Re: [OAUTH-WG] Call for agenda items

F2F side/author meeting at Montreal
Ad hoc author meeting call prior

Unclear to me the value of a WG interim meeting

On Wed, Apr 18, 2018 at 3:59 AM Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:
Hey guys,

I am trying to find out what you are planning here.

Are you talking about scheduling a side meeting at the next IETF meeting or a f2f meeting somewhere else?

Rifaat and I had promised to schedule a conference call (virtual interim meeting) about distributed OAuth and we are targeting May. While holding a f2f interim meeting for OAuth is possible we have not discussed this so far.

Ciao
Hannes

From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of n-sakimura
Sent: 18 April 2018 07:34
To: Dick Hardt; n-sakimura
Cc: oauth

Subject: Re: [OAUTH-WG] Call for agenda items


I support the idea. Adding to it, perhaps we can do an ad-hoc before Montreal so that we can come up with a combined draft.


Nat Sakimura
--
PLEASE READ: This e-mail is confidential and intended for the named recipient only. If you are not an intended recipient, please notify the sender and delete this e-mail.






________________________________
From: Dick Hardt <dick.hardt@gmail.com>
Sent: 18 April 2018 0:40:20
To: n-sakimura
CC: Rifaat Shekh-Yusef; oauth
Subject: Re: [OAUTH-WG] Call for agenda items

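******************************************************************
This email was sent from a free-mail service. Targeted-attack emails
are sometimes sent from free-mail services, so please be careful. If
you do not recognize this email, do not open any attachments or URLs,
and follow the procedure posted at the location below.

Shared Information > Information Security Topics > If you receive a suspicious email
or
NRI Group Security Portal > Information Security Topics
> If you receive a suspicious email
******************************************************************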
I'd like to coordinate a side meeting with Nat, Brian, myself and other interested parties in Montreal to discuss Distributed OAuth.

If we have two meetings, I'd like a timeslot in the second to summarize the side meeting and discuss next steps (if any).

Separately, I'd like a time slot for an update on Reciprocal OAuth.

On Wed, Mar 7, 2018 at 5:52 PM, n-sakimura <n-sakimura@nri.co.jp> wrote:

No, not really. I was thinking of more informal thing. The session is supposed to be Wednesday afternoon, so I was thinking that it might be a good idea to do a bit of recap among contributors to draw up a battle plan towards IETF 102.



Nat



From: Rifaat Shekh-Yusef [mailto:rifaat.ietf@gmail.com]
Sent: Wednesday, March 07, 2018 9:22 PM
To: n-sakimura <n-sakimura@nri.co.jp>
Cc: Brian Campbell <bcampbell@pingidentity.com>; oauth <oauth@ietf.org>

Subject: Re: [OAUTH-WG] Call for agenda items



Nat,



Are you asking for an interim meeting?

We could schedule the Distributed OAuth discussion for the Wednesday meeting; that will give you guys some time to discuss these face-to-face in London.



Regards,

 Rifaat







On Wed, Mar 7, 2018 at 2:00 AM, n-sakimura <n-sakimura@nri.co.jp> wrote:

Then let us do it. We need to put all the proposals on the table and strategize the design.

Perhaps we need a side meeting as well.



nat



From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Brian Campbell
Sent: Wednesday, March 07, 2018 1:31 AM
To: Rifaat Shekh-Yusef <rifaat.ietf@gmail.com>
Cc: oauth <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Call for agenda items



I hadn't previously been planning on it but am happy to do so.



On Tue, Mar 6, 2018 at 8:22 AM, Rifaat Shekh-Yusef <rifaat.ietf@gmail.com> wrote:

Nat,



During the interim meeting, 3 drafts were mentioned in the context of Distributed OAuth:



https://tools.ietf.org/html/draft-sakimura-oauth-meta-08

https://tools.ietf.org/html/draft-campbell-oauth-resource-indicators-02

https://tools.ietf.org/html/draft-tschofenig-oauth-audience-00





Brian, Hannes,



Are you planning on presenting your documents?



Regards,

 Rifaat













On Mon, Mar 5, 2018 at 8:09 PM, Nat Sakimura <sakimura@gmail.com> wrote:

I would be interested in hearing that.



Also, as part of "Distributed OAuth", can we do a bit of re-cap on some of the previous drafts on the similar topic as we discussed in the interim? i.e., Brian's draft (where is the link now?) and my draft (draft-sakimura-oauth-meta<https://tools.ietf.org/id/draft-sakimura-oauth-meta-08.txt>)?



Best,



Nat



On Tue, Mar 6, 2018 at 3:30 AM William Denniss <wdenniss@google.com> wrote:

Hannes & Rifaat,

I would like the opportunity to present on OAuth 2.0 Incremental Authorization (draft-wdenniss-oauth-incremental-auth) [an update for which will be posted today] and "OAuth 2.0 Device Posture Signals" (draft-wdenniss-oauth-device-posture).



I can also give an update on the status of Device Flow (draft-ietf-oauth-device-flow). I expect that to be short now that WGLC has concluded and the document has advanced.



Little late to this thread and I see we already have 2 sessions in the draft agenda, but I'd like to add my support to keeping both sessions, there's always a lot to discuss and in the past we've been able to use any spare time to discuss the security topics of the day.



Regards,

William







On Tue, Jan 30, 2018 at 4:40 AM Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote:

Hi all,



It is time already to think about the agenda for the next IETF meeting. Rifaat and I were wondering whether we need one or two sessions. We would like to make the decision based on the topics we will discuss. Below you can find a first version of the agenda with a few remarks. Let us know if you have comments or suggestions for additional agenda items.



Ciao
Hannes & Rifaat



OAuth Agenda
------------

- Welcome and Status Update  (Chairs)

  * OAuth Security Workshop Report

  * Documents in IESG processing
     # draft-ietf-oauth-device-flow-07
     # draft-ietf-oauth-discovery-08
     # draft-ietf-oauth-jwsreq-15
     # draft-ietf-oauth-token-exchange-11

       Remark: Status updates only if needed.

- JSON Web Token Best Current Practices
  # draft-ietf-oauth-jwt-bcp-00

  Remark: We are lacking reviews on this document.
  Most likely we will not get them during the f2f meeting
  but rather by reaching out to individuals ahead of time.

- OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens
  # draft-ietf-oauth-mtls-06

  Remark: Could be completed by the time of the IETF meeting.

- OAuth Security Topics
  # draft-ietf-oauth-security-topics-04

  Remark: We could do a consensus call on parts of the document soon.

- OAuth 2.0 Token Binding
  # draft-ietf-oauth-token-binding-05

  Remark: Document is moving along but we are lacking implementations.

- OAuth 2.0 Device Posture Signals
  # draft-wdenniss-oauth-device-posture-01

  Remark: Interest in the work but we are lacking content (maybe even
  expertise in the group)

- Reciprocal OAuth
  # draft-hardt-oauth-mutual-02

  Remark: We had a virtual interim meeting on this topic and there is
  interest in this work and apparently no competing solutions. The plan
  is to run a call for adoption once we are allowed to add a new milestone
  to our charter.

- Distributed OAuth
  # draft-hardt-oauth-distributed-00

  Remark: We had a virtual interim meeting on this topic and there is
  interest in this work. Further work on the scope is needed.

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

--

Nat Sakimura

Chairman of the Board, OpenID Foundation

CONFIDENTIALITY NOTICE: This email may contain confidential and privileged material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited.  If you have received this communication in error, please notify the sender immediately by e-mail and delete the message and any file attachments from your computer. Thank you.


