Re: [OAUTH-WG] Partially standardized format for access tokens?

Nat Sakimura <sakimura@gmail.com> Tue, 08 June 2010 03:30 UTC

On Sat, Jun 5, 2010 at 12:37 AM, Dick Hardt <dick.hardt@gmail.com> wrote:

> On Fri, Jun 4, 2010 at 8:23 AM, Justin Richer <jricher@mitre.org> wrote:
>
>> > We should solve one problem at a time. It's easy to layer structure
>> > on top of an opaque blob in a separate spec.
>>
>> +1 to this. Token structure seems like a nice idea, but it's outside
>> what should be dictated by the OAuth spec. We want people to be able to
>> use OAuth to shuttle their existing tokens around, or create hexblobs
>> that mean nothing to anyone else, or encode 37 fields in a structured
>> format that's signed with a private key, or whatever else they want to
>> do, and still have all of that be OAuth. If someone wants to say "we use
>> OAuth and our tokens are UberTokens so they're compatible with everyone
>> else", that's fine; but you should be fully able to do OAuth without
>> adding *any* structure to your tokens whatsoever.
>
>
> Token format has been out of scope of WRAP and OAuth 2.0.
>
> A separate spec defining standard tokens has been discussed.
>

Where is it being done?
I am very interested in it.


>
> Luke was commenting on not supporting multiple AS. That *IS* in scope and
> was a design objective and *IS* being implemented.
>
> -- Dick
>


-- 
Nat Sakimura (=nat)
http://www.sakimura.org/en/
http://twitter.com/_nat_en