Re: [OAUTH-WG] OAuth 2.0 for Native Apps: Call for Adoption Finalized

Eduardo Gueiros <egueiros@jive.com> Mon, 15 February 2016 23:18 UTC

Return-Path: <egueiros@jive.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2EA621A6EED for <oauth@ietfa.amsl.com>; Mon, 15 Feb 2016 15:18:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.268
X-Spam-Level:
X-Spam-Status: No, score=-1.268 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4zV1QAqc2fw5 for <oauth@ietfa.amsl.com>; Mon, 15 Feb 2016 15:18:31 -0800 (PST)
Received: from mail-ig0-x232.google.com (mail-ig0-x232.google.com [IPv6:2607:f8b0:4001:c05::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3591D1A88F9 for <oauth@ietf.org>; Mon, 15 Feb 2016 15:18:31 -0800 (PST)
Received: by mail-ig0-x232.google.com with SMTP id 5so65943145igt.0 for <oauth@ietf.org>; Mon, 15 Feb 2016 15:18:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jive-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=CEppsLplk28hf/bXseAOUDpt6UafWjpjFFkfyhfdvZM=; b=RfyW9L5eqbi6tr6uNMV/6Jlx54yZakd2nZjXc1t5uSTJQuI3OqGjHuqNZdvB/gKUUB XrdcUuQm16/AILuuT0KyGRJQs2PUECInQLJ9VqBo5pNDQc9tMtkWB5lzBPHZeaYL7CSD HAHlMrow8wVi/dFZtqNCuNJX6QjO2PJb237+qMNsOYGpaI7AJ/ydDbQ8mnRHRjDq1cqZ TAZZSIwgMTfXKJpSZrc2C0I/z/qW3RHIuVx1r8vm96Z//G7jwJ+lyeTKJCIBUTUBlXPB KzzxhAnOwCuTZ3MAOuDSkqu1yjHHvGZwZPchHGxDLCnoBY2nP/m9fE0RRsk6/cg/EB2r RVjA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=CEppsLplk28hf/bXseAOUDpt6UafWjpjFFkfyhfdvZM=; b=bnVuYNB36bGfqFCXgeexXuY2dOV4qXUHVC8797nzhwJPY7/RBp0LoONsVuqx+qkqVR VfwrWEtDJ5R3nssUj9NPMF7jXfkkkj86CxCRk2D5+b/QInoaxaXSoFAeePFIQzQpzUAp 7PADhwLZ2sO2GKgD9Idypl3LC4jPg3SOwt9BuvxflLGGnCFP8Mzz/KJ9A5tZHieHONYT 81PWErsMqvGR6h/XE/jCZFJvaKr5tcCNWevRKBBv+GRLVs/FtmAOB/09s7g1jdONUPqn 0CMjqCc/ORwqRBd7SbHCVRW/BfqNsXbnCzt2T7jlzms0PBAhNc1i70iJ/G5QTpWfjdQ1 m89A==
X-Gm-Message-State: AG10YOQWPIj5JqkSzQhp0eKO6MiPpiLm2AgOzQ/oGWjb/1XLxZJcTwg1b3wd2sZvTgP4Sn1k+hvRX3jnnEcO3Fcc
MIME-Version: 1.0
X-Received: by 10.50.29.51 with SMTP id g19mr13713771igh.41.1455578310409; Mon, 15 Feb 2016 15:18:30 -0800 (PST)
Received: by 10.36.62.69 with HTTP; Mon, 15 Feb 2016 15:18:30 -0800 (PST)
In-Reply-To: <CAOahYUxSMopc0hoXG8ocMk+p1b__NqapuztuHiWchpYRQqvP2w@mail.gmail.com>
References: <56B3A400.2080606@gmx.net> <62D1E1DB-17A4-4ABD-81F3-8659F40D7E88@mit.edu> <CAOahYUxSMopc0hoXG8ocMk+p1b__NqapuztuHiWchpYRQqvP2w@mail.gmail.com>
Date: Mon, 15 Feb 2016 16:18:30 -0700
Message-ID: <CAD_eRaFsFsbDYPXbrkpMk+uM9gwyh31N0kr2hEJb_2ai8DD+Ug@mail.gmail.com>
From: Eduardo Gueiros <egueiros@jive.com>
To: Adam Lewis <adam.lewis@motorolasolutions.com>
Content-Type: multipart/alternative; boundary=e89a8f8399b7229c94052bd73cb7
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/NkUJqMWIvaVB1a0Bv7nYx-D7cwg>
Cc: "<oauth@ietf.org>" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth 2.0 for Native Apps: Call for Adoption Finalized
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Feb 2016 23:18:33 -0000

+1 Being in the mobile space myself and constantly meeting with native app
developers I've heard my share of horror stories on how OAuth was
implemented, myself being guilty of being "creative" around OAuth.

This draft is be of great value to those of us who are around these
developers, we'll be helping bringing awareness about the correct practices
suggested in the document.

On Fri, Feb 5, 2016 at 8:10 AM, Adam Lewis <adam.lewis@motorolasolutions.com
> wrote:

> +1 that it should be Informational.
>
> Also, I never got to respond to the original request, but I am heavily in
> favor of this draft. I talk with a lot of native app developers who are
> clueless about how to implement OAuth.  The core RFC is very web app
> oriented.  I look forward to having a more profiled RFC to point them to :-)
>
> adam
>
> On Thu, Feb 4, 2016 at 7:13 PM, Justin Richer <jricher@mit.edu> wrote:
>
>> I’d like to note that when Tony brought up it being Experimental on the
>> list, several of us (myself included) pointed out that Informational is the
>> correct designation for this specification.
>>
>>  — Justin
>>
>> > On Feb 4, 2016, at 2:18 PM, Hannes Tschofenig <
>> hannes.tschofenig@gmx.net> wrote:
>> >
>> > Hi all,
>> >
>> > On January 19th I posted a call for adoption of the OAuth 2.0 for Native
>> > Apps specification, see
>> > http://www.ietf.org/mail-archive/web/oauth/current/msg15400.html
>> >
>> > There was very positive feedback during the Yokohama IETF meeting to
>> > work on this document in the OAuth working group. More than 10 persons
>> > responded positively to the call on the mailing list as well.
>> >
>> > Several persons provided additional input for content changes during the
>> > call and here are the relevant links:
>> > http://www.ietf.org/mail-archive/web/oauth/current/msg15434.html
>> > http://www.ietf.org/mail-archive/web/oauth/current/msg15435.html
>> > http://www.ietf.org/mail-archive/web/oauth/current/msg15438.html
>> >
>> > Tony also noted that this document should become an Experimental RFC
>> > rather than a Standards Track RFC. The chairs will consult with the
>> > Security Area directors on this issue.
>> >
>> > To conclude, based on the call <draft-wdenniss-oauth-native-apps> will
>> > become the starting point for work in OAuth. Please submit the document
>> > as draft-ietf-oauth-native-apps-00.txt.
>> >
>> > Ciao
>> > Hannes & Derek
>> >
>> >
>> >
>> > _______________________________________________
>> > OAuth mailing list
>> > OAuth@ietf.org
>> > https://www.ietf.org/mailman/listinfo/oauth
>>
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
>>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>


-- 
-- 
*Eduardo Gueiros*
*Director, Mobile B.U.* |  Jive Communications, Inc.
jive.com  |  *egueiros@jive.com <egueiros@jive.com>*
<http://www.facebook.com/jive.communications.inc>
<http://www.twitter.com/getjive> <http://goplus.us/jive>
<http://www.youtube.com/jivetalks>
<http://www.linkedin.com/company/jive-communications-inc>