Re: [OAUTH-WG] draft-15 editorials
Paul Madsen <paul.madsen@gmail.com> Thu, 07 April 2011 13:12 UTC
Return-Path: <paul.madsen@gmail.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 47FB928C0E3 for <oauth@core3.amsl.com>; Thu, 7 Apr 2011 06:12:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.448
X-Spam-Level:
X-Spam-Status: No, score=-3.448 tagged_above=-999 required=5 tests=[AWL=0.150, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iPqM1ngZvNpx for <oauth@core3.amsl.com>; Thu, 7 Apr 2011 06:12:51 -0700 (PDT)
Received: from mail-gy0-f172.google.com (mail-gy0-f172.google.com [209.85.160.172]) by core3.amsl.com (Postfix) with ESMTP id 186493A67A1 for <oauth@ietf.org>; Thu, 7 Apr 2011 06:12:51 -0700 (PDT)
Received: by gyf3 with SMTP id 3so1180848gyf.31 for <oauth@ietf.org>; Thu, 07 Apr 2011 06:14:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type; bh=imxmgeU/+st02dHX33wy7auBqtsNP7mGEaTkVwd6AOE=; b=uxddvPMeTztZruaHW/5xIkHzYZ1IBvszpzSy/kqcc3RSaaMX556mHBONGu07OuMS/b U7VZ/9ncqY9XVevWOzQlETPigs3SgL9ugku7eCKUJ369b/JjZ7FiRPZV5kl5u098fLvL ArSO0ZTXtSjH+py0qN6U80nbbYFZbz84kLKhU=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type; b=YglmD4V5I8XONbrHRMxAIuycnFcXO53xd8LE7+jf7oszLAoArDj4ivaiTPs739Uhbx mS/Zi5AB9tGQc7D6wUqSk7FvZqUMVcgvmyknbw9+aKq6o9dwJWnQ4Iidt3cQl+/TA85d nqRNWlLbONZ1mrNTz+oOZwr/fQP+zUjwbXnGM=
Received: by 10.91.210.12 with SMTP id m12mr771440agq.67.1302182075228; Thu, 07 Apr 2011 06:14:35 -0700 (PDT)
Received: from pmadsen-mbp.local (CPE0022b0cb82b4-CM0012256eb4b4.cpe.net.cable.rogers.com [99.224.152.177]) by mx.google.com with ESMTPS id d20sm349056ang.43.2011.04.07.06.14.31 (version=SSLv3 cipher=OTHER); Thu, 07 Apr 2011 06:14:32 -0700 (PDT)
Message-ID: <4D9DB8B6.6020804@gmail.com>
Date: Thu, 07 Apr 2011 09:14:30 -0400
From: Paul Madsen <paul.madsen@gmail.com>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9
MIME-Version: 1.0
To: "Manger, James H" <James.H.Manger@team.telstra.com>
References: <255B9BB34FB7D647A506DC292726F6E11281BA9188@WSMSG3153V.srv.dir.telstra.com> <4E1F6AAD24975D4BA5B1680429673943252CE4F8@TK5EX14MBXC203.redmond.corp.microsoft.com> <4D9C47A8.30605@gmail.com> <90C41DD21FB7C64BB94121FBBC2E7234465664DF8F@P3PW5EX1MB01.EX1.SECURESERVER.NET> <4D9C836C.9080704@gmail.com> <255B9BB34FB7D647A506DC292726F6E11281C39962@WSMSG3153V.srv.dir.telstra.com>
In-Reply-To: <255B9BB34FB7D647A506DC292726F6E11281C39962@WSMSG3153V.srv.dir.telstra.com>
Content-Type: multipart/alternative; boundary="------------060804020007020002060206"
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] draft-15 editorials
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Apr 2011 13:12:56 -0000
Hi James, sorry I didnt see your earlier suggestion. And your text works for me - just looking for text that hints at something beyond delegation thanks paul On 4/6/11 11:15 PM, Manger, James H wrote: > > Paul, > > The draft-15.1 abstract is just the first sentence of the abstract I > suggested last month > [http://www.ietf.org/mail-archive/web/oauth/current/msg05693.html and > below]. The rest covered OAuth's other major aspect: issuing temporary > credentials that resource servers can handle, while a separate service > can handle permanent or exotic credentials (eg assertions). Does it > fit what you were after? > > Your "directly negotiate access" phrase hints that there is more to > OAuth 2 than delegation, but I'm not sure that it explains it. > > -- > > James Manger > > *From:*oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] *On > Behalf Of *Paul Madsen > *Sent:* Thursday, 7 April 2011 1:15 AM > *To:* Eran Hammer-Lahav > *Cc:* oauth@ietf.org > *Subject:* Re: [OAUTH-WG] draft-15 editorials > > Proposed text > > The OAuth 2.0 authorization protocol enables a third-party application > to obtain limited access to an HTTP service, either on behalf of an > end-user by orchestrating an approval interaction between the end-user > and the HTTP service, or by allowing the third-party application to > directly 'negotiate', on its own behalf, such access with the HTTP > service. > > And I acknowledge the concerns that 'negotiate' might create, thus the > air quotes .... > > paul > > *From:*oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] *On > Behalf Of *Manger, James H > *Sent:* Thursday, 17 March 2011 1:40 PM > *To:* OAuth WG > *Subject:* [OAUTH-WG] OAuth2 abstract > > Comments on draft-ietf-oauth-v2-13: > > 1. *Abstract* > > The 1-line abstract is not helpful -- it merely repeats the title. The > abstract is important as it is the text most widely seem around the > rest of the IETF community (eg in announcements of drafts and RFCs) > and beyond. It needs to mention: users delegating access to > applications; applications orchestrating that delegation; swapping > permanent credentials for short-lived access tokens; and that it uses > HTTP. Here is my suggestion: > > "The OAuth 2.0 authorization protocol allows an application to gain > limited permission to access an HTTP service on behalf of a user by > orchestrating an approval interaction between the user and the service. > OAuth 2.0 uses temporary credentials, issued by an HTTP service either > directly to an application or to represent user-delegated permissions. > A collection of HTTP services can accept temporary credentials without > needing to handle long-term user or application credentials, which > can be restricted to a secure service that issues the temporary > credentials." > > I think this text can be understood without knowing any of the > specialised terms introduced later in the specification. > > -- > > James Manger >
- [OAUTH-WG] draft-15 editorials Manger, James H
- Re: [OAUTH-WG] draft-15 editorials Mike Jones
- Re: [OAUTH-WG] draft-15 editorials Paul Madsen
- Re: [OAUTH-WG] draft-15 editorials Eran Hammer-Lahav
- Re: [OAUTH-WG] draft-15 editorials Eran Hammer-Lahav
- Re: [OAUTH-WG] draft-15 editorials Paul Madsen
- Re: [OAUTH-WG] draft-15 editorials Manger, James H
- Re: [OAUTH-WG] draft-15 editorials Paul Madsen