[OAUTH-WG] Mutual and Distributed OAuth

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Fri, 05 January 2018 18:57 UTC

From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Date: Fri, 05 Jan 2018 18:57:36 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/P8OSgBnKThhx8MqjeBA6irdmAsI>
Subject: [OAUTH-WG] Mutual and Distributed OAuth

Hi all,

In the upcoming conference calls we will continue the conversation from the Singapore IETF meeting where Dick presented his documents about mutual and distributed OAuth.
There was a fair amount of interest in addressing the problems raised in the two documents (namely https://datatracker.ietf.org/doc/draft-hardt-oauth-distributed/ and https://datatracker.ietf.org/doc/draft-hardt-oauth-mutual/). However, some participants also noted that there are other solution approaches and prior work that has to be considered.

In the conference calls we would like to get an agreement on the problem statements and also talk about the solution directions. For this reason we would like to get a good idea of what folks in the group consider valid solution approaches. From the meeting minutes we noted that UMA was highlighted as a solution approach for the distributed OAuth topic and token exchange as a solution for mutual OAuth. More needs to be provided to have something to investigate and to compare.

Ciao
Hannes & Rifaat
