Re: [OAUTH-WG] [WRAP] WRAP in GSMA OneAPI
"Manger, James H" <James.H.Manger@team.telstra.com> Thu, 06 May 2010 06:48 UTC
Return-Path: <James.H.Manger@team.telstra.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A23F33A6A79 for <oauth@core3.amsl.com>; Wed, 5 May 2010 23:48:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.492
X-Spam-Level: *
X-Spam-Status: No, score=1.492 tagged_above=-999 required=5 tests=[AWL=-0.808, BAYES_50=0.001, HELO_EQ_AU=0.377, HOST_EQ_AU=0.327, HTML_MESSAGE=0.001, J_CHICKENPOX_23=0.6, RELAY_IS_203=0.994]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EX8vMAyAUiUd for <oauth@core3.amsl.com>; Wed, 5 May 2010 23:48:28 -0700 (PDT)
Received: from ipxcvo.tcif.telstra.com.au (ipxcvo.tcif.telstra.com.au [203.35.135.208]) by core3.amsl.com (Postfix) with ESMTP id CCECD3A6AD8 for <oauth@ietf.org>; Wed, 5 May 2010 23:48:27 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="4.52,339,1270389600"; d="scan'208,217";a="2446643"
Received: from unknown (HELO ipccvi.tcif.telstra.com.au) ([10.97.217.208]) by ipocvi.tcif.telstra.com.au with ESMTP; 06 May 2010 16:48:14 +1000
X-IronPort-AV: E=McAfee;i="5400,1158,5973"; a="1598746"
Received: from wsmsg3704.srv.dir.telstra.com ([172.49.40.197]) by ipccvi.tcif.telstra.com.au with ESMTP; 06 May 2010 16:48:14 +1000
Received: from WSMSG3153V.srv.dir.telstra.com ([172.49.40.159]) by WSMSG3704.srv.dir.telstra.com ([172.49.40.197]) with mapi; Thu, 6 May 2010 16:48:13 +1000
From: "Manger, James H" <James.H.Manger@team.telstra.com>
To: David Recordon <recordond@gmail.com>, OAuth WG <oauth@ietf.org>, "oauth-wrap-wg@googlegroups.com" <oauth-wrap-wg@googlegroups.com>
Date: Thu, 06 May 2010 16:48:12 +1000
Thread-Topic: [OAUTH-WG] [WRAP] WRAP in GSMA OneAPI
Thread-Index: Acrs2ve6UI+wx5v9Seu89IHJ0dbpIQAC/rMg
Message-ID: <255B9BB34FB7D647A506DC292726F6E112630738DB@WSMSG3153V.srv.dir.telstra.com>
References: <042e8761-8bb6-44b5-8b6f-5507bf254abf@e35g2000yqm.googlegroups.com> <k2ifd6741651005052213ye98c90f3wde4afededb8542a8@mail.gmail.com>
In-Reply-To: <k2ifd6741651005052213ye98c90f3wde4afededb8542a8@mail.gmail.com>
Accept-Language: en-US, en-AU
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US, en-AU
Content-Type: multipart/alternative; boundary="_000_255B9BB34FB7D647A506DC292726F6E112630738DBWSMSG3153Vsrv_"
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] [WRAP] WRAP in GSMA OneAPI
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 May 2010 06:48:30 -0000
draft-ietf-oauth-v2 is the current document. http://tools.ietf.org/html/draft-ietf-oauth-v2 The IETF status page for the OAuth working group is a good place to point to: http://tools.ietf.org/wg/oauth/ It links to the latest drafts, mailing list, etc. (Eran’s individual submission draft-hammer-oauth2 became the IETF working group draft draft-ietf-oauth-v2) David, would you like to update http://wiki.oauth.net/OAuth-2.0? -- James Manger From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of David Recordon Sent: Thursday, 6 May 2010 3:14 PM To: OAuth WG; Blaine Cook Subject: Re: [OAUTH-WG] [WRAP] WRAP in GSMA OneAPI +OAuth IETF list -WRAP list to BCC Hi Kevin, OAuth 2.0 should be pretty simple for you to implement and any feedback your team has would be really appreciated! There are already implementations in Cocoa, Python, and Ruby list on the wiki at http://wiki.oauth.net/OAuth-2.0 and you find find the spec at http://tools.ietf.org/html/draft-hammer-oauth2-00. You may also be interested in the mobile web implementation we've built at Facebook. http://developers.facebook.com/docs/guides/mobile/ I'm also cc'ing Blaine Cook who lives in Ireland and might be able to present. Cheers, --David On Tue, May 4, 2010 at 4:20 AM, Kevin Smith, Vodafone <mrkrcsmith@googlemail.com<mailto:mrkrcsmith@googlemail.com>> wrote: Dear OAUTH WRAP group, My name is Kevin Smith of Vodafone R&D, and I lead a cross-mobile operator project called OneAPI ('Open Network Enablers') [1]. The aim is to provide a RESTful API to expose network functions such as location, messaging, payments and more to developers; with the reckoning that this will make it far easier to mash-up Web applications with network capabilities and reduce the time to reach all mobile subscribers in a territory. Thus far we have a live pilot implementation across the 3 major Canadian operators [2] and a non- commercial test site connected to 12 European operators [3], and will be releasing v1.0 specifications backed by the OMA this month. For the first release we did not attempt to prescribe an AAA model to operators, instead leaving them to reuse their own SDP AAA implementation for OneAPI. For our second phase now underway we would like to provide a recommended reference implementation AAA model for operators who are unsure how to allow secure API access whilst allowing user consent and privacy to be respected. Therefore we have discussed OAUTH as an ideal candidate that will be well-known to Web developers. My question regards the suitability of WRAP for such a reference implementation: the decoupling of authentication is good sense and would be welcome by operators, however it appears that WRAP is deprecated and is intended to be replaced by OAUTH 2.0 - is that right? Please could you provide any details on the plans for if/how the two will interoperate? If it's at all possible, we would very much welcome a member of the group to present on WRAP at one of our face-to- face meetings in London - if that is of interest please let me know and I can make arrangements. Thanks for your time and look forward to your advice. Kind regards, Kevin [1] http://www.gsmworld.com/oneapi [2] http://canada.oneapi.gsmworld.com/ [3] http://oneapi.aepona.com/ Kevin Smith Senior Technology Strategist, R&D Vodafone Technology E-mail: kevin.smith@vodafone.com<mailto:kevin.smith@vodafone.com> -- You received this message because you are subscribed to the Google Groups "OAuth WRAP WG" group. To post to this group, send email to oauth-wrap-wg@googlegroups.com<mailto:oauth-wrap-wg@googlegroups.com>. To unsubscribe from this group, send email to oauth-wrap-wg+unsubscribe@googlegroups.com<mailto:oauth-wrap-wg%2Bunsubscribe@googlegroups.com>. For more options, visit this group at http://groups.google.com/group/oauth-wrap-wg?hl=en.
- Re: [OAUTH-WG] [WRAP] WRAP in GSMA OneAPI David Recordon
- Re: [OAUTH-WG] [WRAP] WRAP in GSMA OneAPI Manger, James H
- Re: [OAUTH-WG] [WRAP] WRAP in GSMA OneAPI David Recordon
- Re: [OAUTH-WG] [WRAP] WRAP in GSMA OneAPI Kevin Smith
- Re: [OAUTH-WG] [WRAP] WRAP in GSMA OneAPI Torsten Lodderstedt
- Re: [OAUTH-WG] [WRAP] WRAP in GSMA OneAPI Igor Faynberg
- Re: [OAUTH-WG] [WRAP] WRAP in GSMA OneAPI Kevin Smith
- Re: [OAUTH-WG] [WRAP] WRAP in GSMA OneAPI Torsten Lodderstedt