[OAUTH-WG] conf call follow up from today

William Mills <wmills_92105@yahoo.com> Mon, 04 February 2013 20:22 UTC

Return-Path: <wmills_92105@yahoo.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F48B21F87C4 for <oauth@ietfa.amsl.com>; Mon, 4 Feb 2013 12:22:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.323
X-Spam-Level:
X-Spam-Status: No, score=-0.323 tagged_above=-999 required=5 tests=[AWL=-0.139, BAYES_40=-0.185, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PJqgikQUI+se for <oauth@ietfa.amsl.com>; Mon, 4 Feb 2013 12:22:13 -0800 (PST)
Received: from nm13-vm1.bullet.mail.ne1.yahoo.com (nm13-vm1.bullet.mail.ne1.yahoo.com [98.138.91.62]) by ietfa.amsl.com (Postfix) with ESMTP id D789121F8759 for <oauth@ietf.org>; Mon, 4 Feb 2013 12:22:12 -0800 (PST)
Received: from [98.138.90.57] by nm13.bullet.mail.ne1.yahoo.com with NNFMP; 04 Feb 2013 20:22:12 -0000
Received: from [98.138.87.2] by tm10.bullet.mail.ne1.yahoo.com with NNFMP; 04 Feb 2013 20:22:12 -0000
Received: from [127.0.0.1] by omp1002.mail.ne1.yahoo.com with NNFMP; 04 Feb 2013 20:22:12 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 450692.41930.bm@omp1002.mail.ne1.yahoo.com
Received: (qmail 33567 invoked by uid 60001); 4 Feb 2013 20:22:12 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1360009332; bh=l9pFngQ73RSyoTUAFi+iBSg0Bd/QmAFB97S8R2kEFMQ=; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type; b=pIx0OHXjtGDZ2RhZ89h8Iaxqh7idObbcvdoxwYHdKuFRo4TraDjXY9NrrLQ4ORgohCZEv02KFGpz88i0IxYhr5q4iegO4VySlEUJjx6pUy+XwM7kpdk3F6lZyIRbDpW3W5x19Sfvdj70ibCISTKFAwKETHq5blGJ5UT0cxYgLdk=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-ID:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type; b=emhWhTdY+ydT9F73uLDbG1i+YRy3R7S0K+t/V7id9OICg5ABING8+MTlxut5OoP8WMPo+mX28h9WyNBk1luQK3pCqXRhblDJwF+xozUleGMdEuYwZyLfPH/y8j9J4HLVoTmdTgjj3qNOilhAi6KTCYusSM01prdMmxHX2607uU0=;
X-YMail-OSG: bQIXWSQVM1mDJpV9ixQxcK70UeL1qET7ImUqHlaTL912Qz_ OLZlX88AvF9.84tIOVNSFOU2_6HlW8rdh0rDekrmzFWn.biqQe1IUo8E8F6C 6rAJQyOb.d6WZgqX61wtSioRRN6OIrWZiMTqf6zJ9B1GsujK5a7DRxwqtvX. Q59UNazLihEBuv8X4ZaZ0fbrjxY8ftPBAECaVKJYhAbokO1hKUcK153C1gW5 WkBrWs6xxEys7L7RO9r4b7HUAE9NU2TGEn5ZkxOOAsk9.qAklj9pJ_cGnEKl jUPE9vayipniPoXr5L5OMYSTxMf.xJTKe3gGPm1ayZafSW9bjJMu_sDxFKMn Heu2N060ESkgKtIOxw81WPYwXOYnihpXf8CUCP1Tfxo1VjhuJXmpyvQnrglz uTYP4GbqfUnKBigA5TIMrDfmWxbKOHnUT2BDmAoDZEMk_uy4VDbnLlQymnqA 2sijy5f8s8yiGQRCQHKeSbora4qSJEHXv706LCDu4Yzs4D6Ie5cYzZ9hlBHk ZW8JyUqoeLTip2PGZFzIpgnyWPRryLYLBHUjcIA--
Received: from [209.131.62.113] by web31801.mail.mud.yahoo.com via HTTP; Mon, 04 Feb 2013 12:22:11 PST
X-Rocket-MIMEInfo: 001.001, MSkgwqBJIHRoaW5rIHRoYXQgd2UgbmVlZCB0byBmb2N1cyBvbiBzcGVjaWZpYyBzb2x1dGlvbnMsIGFzIEkgc2FpZCBvbiB0aGUgY2FsbCwgYW5kIHNvbHZlIHRoZSBPQXV0aCAxLjBhL01BQyB1c2UgY2FzZS4gwqBUaGVyZSdzIHNpZ25pZmljYW50IGluc3RhbGxlZCBiYXNlIG9mIE9BdXRoIDEuMGEgYW5kIHdlIG5lZWQgYSBwYXRoIGZvciB0aG9zZSBpbnN0YWxsYXRpb25zIGludG8gT0F1dGggMi4wLiDCoEkgbWF5IHdlbGwgcHVyc3VlIE1BQyBpbiB0aGUgaW50ZXJpbSB0byBkbyB0aGlzLCBidXQgYSBmdWwBMAEBAQE-
X-Mailer: YahooMailWebService/0.8.132.503
Message-ID: <1360009331.12021.YahooMailNeo@web31801.mail.mud.yahoo.com>
Date: Mon, 4 Feb 2013 12:22:11 -0800 (PST)
From: William Mills <wmills_92105@yahoo.com>
To: O Auth WG <oauth@ietf.org>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-368338466-1500808155-1360009331=:12021"
Subject: [OAUTH-WG] conf call follow up from today
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills_92105@yahoo.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Feb 2013 20:22:13 -0000

1)  I think that we need to focus on specific solutions, as I said on the call, and solve the OAuth 1.0a/MAC use case.  There's significant installed base of OAuth 1.0a and we need a path for those installations into OAuth 2.0.  I may well pursue MAC in the interim to do this, but a full HOK solution woul work too.

2)  I think the discussion we were having about "which authenticator to use" falls squarely into the endpoint discovery discussion and we should put that energy into endpoint discovery as distinct from HOK.

3)  We haven't talked yet about how a client will be able to specify a token type if it wants a specific one.  OAuth 2 core will need to be extended to support this.

4)  We should leave the key distribution/discovery mechanism either out of scope or define it explicitly per HOK token type profile.  This will have to work with the extensions for #3 above.

5)  I want to avoid the problem in OAuth 1.0a of having to support and accept every possible signing mode.  Being force to accept PLAINTEXT sucks.  We need a way for the discovery endpoint to mandate a specific set of allowed signature methods.

Regards,

-bill