Re: [OAUTH-WG] FW: New Version Notification for draft-hunt-oauth-v2-user-a4c-05.txt

Mike Jones <Michael.Jones@microsoft.com> Mon, 21 July 2014 21:53 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Thomas Broyer <t.broyer@gmail.com>
Date: Mon, 21 Jul 2014 21:52:36 +0000
Message-ID: <4E1F6AAD24975D4BA5B16804296739439ADDAA2D@TK5EX14MBXC294.redmond.corp.microsoft.com>
References: <20140721185955.29738.31476.idtracker@ietfa.amsl.com> <4E1F6AAD24975D4BA5B16804296739439ADDA25E@TK5EX14MBXC294.redmond.corp.microsoft.com> <CAEayHEO-_i+cB6mtb_OUaXF4OfyTrYwfv1mn2EYS-KEzTKY1GA@mail.gmail.com>
In-Reply-To: <CAEayHEO-_i+cB6mtb_OUaXF4OfyTrYwfv1mn2EYS-KEzTKY1GA@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/P4pGb2_eWZOUmKBZgj_a5tEP1Nw
Cc: "<oauth@ietf.org>" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] FW: New Version Notification for draft-hunt-oauth-v2-user-a4c-05.txt

Thanks for your review, Thomas.  The “prompt=consent” definition being missing is an editorial error.  It should be:

consent
The Authorization Server SHOULD prompt the End-User for consent before returning information to the Client. If it cannot obtain consent, it MUST return an error, typically consent_required.

I’ll plan to add it in the next draft.

I agree that there’s no difference between a response with multiple “amr” values that includes “mfa” and one that doesn’t.  Unless a clear use case for why “mfa” is needed can be identified, we can delete it in the next draft.

-- Mike
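The prompt=consent definition quoted above describes authorization-server behaviour, so here is an added example of how an AS would act on the prompt parameter; it is not code from the draft or from anyone in this thread. It assumes the OpenID Connect Core prompt values (none, login, consent, select_account) and error codes (login_required, consent_required), which the draft's abstract says it is intentionally compatible with; the user session record and the ask_user callback are constructed stand-ins for the AS's own session and UI.

```python
"""Authorization-server handling of the prompt parameter, including
prompt=consent.  Added example, not code from the draft or the thread.
Prompt values and error codes follow OpenID Connect Core (assumption);
the user record and ask_user callback are constructed stand-ins."""
import secrets
from dataclasses import dataclass
from typing import Callable, Optional
from urllib.parse import parse_qs, urlencode, urlsplit

# Prompt values defined by OpenID Connect Core 3.1.2.1 (assumption).
VALID_PROMPTS = frozenset({"none", "login", "consent", "select_account"})


@dataclass
class AuthzRequest:
    client_id: str
    redirect_uri: str
    state: str
    prompt: frozenset


def parse_prompt(raw: Optional[str]) -> frozenset:
    """Split the space-delimited prompt parameter, rejecting unknown values and
    'none' combined with anything else (a non-interactive request cannot also
    demand interaction)."""
    values = frozenset(raw.split()) if raw else frozenset()
    unknown = values - VALID_PROMPTS
    if unknown:
        raise ValueError(f"unknown prompt value(s): {sorted(unknown)}")
    if "none" in values and len(values) > 1:
        raise ValueError("prompt=none must not be combined with other values")
    return values


def parse_authorization_request(query: str) -> AuthzRequest:
    """Parse the query string of a code-flow authorization request."""
    params = {k: v[0] for k, v in parse_qs(query, strict_parsing=True).items()}
    for name in ("response_type", "client_id", "redirect_uri"):
        if name not in params:
            raise ValueError(f"missing required parameter: {name}")
    if params["response_type"] != "code":
        raise ValueError("only response_type=code is handled here")
    return AuthzRequest(params["client_id"], params["redirect_uri"],
                        params.get("state", ""), parse_prompt(params.get("prompt")))


def _redirect(req: AuthzRequest, params: dict) -> str:
    """Build the redirect back to the client; state is echoed when present."""
    if req.state:
        params["state"] = req.state
    sep = "&" if "?" in req.redirect_uri else "?"
    return f"{req.redirect_uri}{sep}{urlencode(params)}"


def redirect_params(url: str) -> dict:
    """Parse the query of a redirect URL into {name: value}."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def authorize(req: AuthzRequest, user: dict,
              ask_user: Callable[[str], Optional[bool]]) -> str:
    """Return the redirect URL the AS sends for this request.

    user:     constructed session record {"authenticated": bool,
              "consented_clients": set of client_ids with stored consent}
    ask_user: ask_user("login") / ask_user("consent") returns True (granted),
              False (refused) or None (the user cannot be prompted at all,
              e.g. a headless or hidden-iframe flow).
    """
    non_interactive = "none" in req.prompt

    # Authentication: forced by prompt=login, or needed when there is no session.
    if "login" in req.prompt or not user["authenticated"]:
        if non_interactive or not ask_user("login"):
            return _redirect(req, {"error": "login_required"})
        user["authenticated"] = True

    # Consent.  prompt=consent: the AS SHOULD ask again even when consent is
    # already stored; if consent cannot be obtained it MUST return an error,
    # typically consent_required.
    if "consent" in req.prompt or req.client_id not in user["consented_clients"]:
        if non_interactive or not ask_user("consent"):
            return _redirect(req, {"error": "consent_required"})
        user["consented_clients"].add(req.client_id)

    return _redirect(req, {"code": secrets.token_urlsafe(32)})
```

Note that the error is returned to the client's redirect_uri with the original state echoed, so the client can tell which of its pending requests failed and decide whether to retry interactively; a refused consent and an impossible-to-obtain consent (ask_user returning None) both map to consent_required, as the quoted definition requires.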

From: Thomas Broyer [mailto:t.broyer@gmail.com]
Sent: Monday, July 21, 2014 1:47 PM
To: Mike Jones
Cc: <oauth@ietf.org>
Subject: Re: [OAUTH-WG] FW: New Version Notification for draft-hunt-oauth-v2-user-a4c-05.txt


The end of section 2.2 talks about prompt=consent but the value is not defined above.

Also, I don't understand the note about "pwd" being used by a service. In which scenario would that happen?

Finally, what's the difference between providing several values for "amr" with and without including "mfa"? IOW, what's the use case for mfa?
On 21 Jul 2014 21:06, "Mike Jones" <Michael.Jones@microsoft.com> wrote:

Changes in this version are:

• Added the Authentication Method Reference Values registry.

• Renamed the code_for_id_token grant type to urn:ietf:params:oauth:grant-type:code-for-id-token to conform to Section 4.5 of RFC 6749.

-- Mike



-----Original Message-----
From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
Sent: Monday, July 21, 2014 12:00 PM
To: Phil Hunt; Anthony Nadalin; Phil Hunt; Mike Jones; Anthony Nadalin; Mike Jones
Subject: New Version Notification for draft-hunt-oauth-v2-user-a4c-05.txt

A new version of I-D, draft-hunt-oauth-v2-user-a4c-05.txt
has been successfully submitted by Michael B. Jones and posted to the IETF repository.

Name:           draft-hunt-oauth-v2-user-a4c
Revision:       05
Title:          Providing User Authentication Information to OAuth 2.0 Clients
Document date:  2014-07-21
Group:          Individual Submission
Pages:          19
URL:            http://www.ietf.org/internet-drafts/draft-hunt-oauth-v2-user-a4c-05.txt
Status:         https://datatracker.ietf.org/doc/draft-hunt-oauth-v2-user-a4c/
Htmlized:       http://tools.ietf.org/html/draft-hunt-oauth-v2-user-a4c-05
Diff:           http://www.ietf.org/rfcdiff?url2=draft-hunt-oauth-v2-user-a4c-05

Abstract:
   This specification defines a way for OAuth 2.0 clients to verify the
   identity of the End-User and obtain consent based upon the
   authentication performed by an Authorization Server.  The
   interactions defined by this specification are intentionally
   compatible with the OpenID Connect protocol.

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat


_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth