Re: [OAUTH-WG] Rechartering
Eran Hammer-Lahav <eran@hueniverse.com> Thu, 20 October 2011 19:42 UTC
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC49D21F89BA for <oauth@ietfa.amsl.com>; Thu, 20 Oct 2011 12:42:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.477
X-Spam-Level:
X-Spam-Status: No, score=-2.477 tagged_above=-999 required=5 tests=[AWL=0.122, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PbOXQN7V0z6z for <oauth@ietfa.amsl.com>; Thu, 20 Oct 2011 12:42:38 -0700 (PDT)
Received: from p3plex1out01.prod.phx3.secureserver.net (p3plex1out01.prod.phx3.secureserver.net [72.167.180.17]) by ietfa.amsl.com (Postfix) with SMTP id 19AA221F88A0 for <oauth@ietf.org>; Thu, 20 Oct 2011 12:42:38 -0700 (PDT)
Received: (qmail 19891 invoked from network); 20 Oct 2011 19:42:37 -0000
Received: from unknown (HELO smtp.ex1.secureserver.net) (72.167.180.20) by p3plex1out01.prod.phx3.secureserver.net with SMTP; 20 Oct 2011 19:42:36 -0000
Received: from P3PW5EX1MB01.EX1.SECURESERVER.NET ([10.6.135.19]) by P3PW5EX1HT002.EX1.SECURESERVER.NET ([72.167.180.20]) with mapi; Thu, 20 Oct 2011 12:42:36 -0700
From: Eran Hammer-Lahav <eran@hueniverse.com>
To: Mike Jones <Michael.Jones@microsoft.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, OAuth WG <oauth@ietf.org>
Date: Thu, 20 Oct 2011 12:42:26 -0700
Thread-Topic: [OAUTH-WG] Rechartering
Thread-Index: AQHMjuZXC/llWGbx10K50cRi4wxHDZWFlltggAAMDYA=
Message-ID: <90C41DD21FB7C64BB94121FBBC2E723452631E9186@P3PW5EX1MB01.EX1.SECURESERVER.NET>
References: <725EAF50-3A82-4AAE-8C60-6D4C4AE52A79@gmx.net> <4E1F6AAD24975D4BA5B16804296739435C24DA48@TK5EX14MBXC283.redmond.corp.microsoft.com>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739435C24DA48@TK5EX14MBXC283.redmond.corp.microsoft.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] Rechartering
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2011 19:42:38 -0000
What possible rational is there for SWD to belong in the OAuth working group and in the security area? EHL > -----Original Message----- > From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf > Of Mike Jones > Sent: Thursday, October 20, 2011 12:12 PM > To: Hannes Tschofenig; OAuth WG > Subject: Re: [OAUTH-WG] Rechartering > > Thanks, Hannes. Here's my prioritized list of new work: > > 1. JSON Web Token (JWT) > 2. Simple Web Discovery (SWD) > 3. JSON Web Token (JWT) Bearer Token Profile > 4. Token Revocation > > My prioritized list of existing work items to complete after the core and > bearer specs are: > > A. Assertions Specification > B. SAML Bearer Token Profile > > I am ambivalent about whether the working group takes on most of the > other work items. > > Responding to Eran's comments on SWD versus host-meta, these specs have > significantly different goals and use substantially different mechanisms with > different privacy characteristics. Also, if you compare the relative complexity > of the example at http://tools.ietf.org/html/draft-hammer-hostmeta- > 17#appendix-A versus the example at http://tools.ietf.org/html/draft-jones- > simple-web-discovery-01#section-1, you can see why SWD was chosen for > use in OpenID Connect to discover OAuth authorization and resource server > endpoints. > > -- Mike > > -----Original Message----- > From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf > Of Hannes Tschofenig > Sent: Wednesday, October 19, 2011 10:09 PM > To: OAuth WG > Subject: [OAUTH-WG] Rechartering > > Hi all, > > in preparation of the upcoming IETF meeting Barry and I would like to start a > re-chartering discussion. We both are currently attending the Internet > Identity Workshop and so we had the chance to solicit input from the > participants. This should serve as a discussion starter. > > Potential future OAuth charter items (in random order): > > ---------------- > > 1) Dynamic Client Registration Protocol > > Available document: > http://datatracker.ietf.org/doc/draft-hardjono-oauth-dynreg/ > > 2) Token Revocation > > Available document: > http://datatracker.ietf.org/doc/draft-lodderstedt-oauth-revocation/ > > 3) UMA > > Available document: > http://datatracker.ietf.org/doc/draft-hardjono-oauth-umacore/ > > 4) Client Instance Extension > > Available document: > http://tools.ietf.org/id/draft-richer-oauth-instance-00.txt > > 5) XML Encoding > > Available document: > http://tools.ietf.org/id/draft-richer-oauth-xml-00.txt > > 6) JSON Web Token > > Available document: > http://tools.ietf.org/html/draft-jones-json-web-token-05 > > 7) JSON Web Token (JWT) Bearer Profile > > Available document: > http://tools.ietf.org/html/draft-jones-oauth-jwt-bearer-00 > > 8) User Experience Extension > > Available document: > http://tools.ietf.org/html/draft-recordon-oauth-v2-ux-00 > > 9) Request by Reference > > Available document: > http://tools.ietf.org/html/draft-sakimura-oauth-requrl-00 > > 10) Simple Web Discovery > > Available document: > http://tools.ietf.org/html/draft-jones-simple-web-discovery-00 > > ---------------- > > We have the following questions: > > a) Are you interested in any of the above-listed items? (as a reviewer, co- > author, implementer, or someone who would like to deploy). It is also useful > to know if you think that we shouldn't work on a specific item. > > b) Are there other items you would like to see the group working on? > > Note: In case your document is expired please re-submit it. > > Ciao > Hannes & Barry > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
- Re: [OAUTH-WG] Rechartering Thomas Hardjono
- [OAUTH-WG] Rechartering Hannes Tschofenig
- Re: [OAUTH-WG] Rechartering Hannes Tschofenig
- Re: [OAUTH-WG] Rechartering David Recordon
- Re: [OAUTH-WG] Rechartering Torsten Lodderstedt
- Re: [OAUTH-WG] Rechartering Christian Scholz
- Re: [OAUTH-WG] Rechartering Brian Campbell
- Re: [OAUTH-WG] Rechartering Igor Faynberg
- Re: [OAUTH-WG] Rechartering Justin Richer
- Re: [OAUTH-WG] Rechartering Mark Mcgloin
- Re: [OAUTH-WG] Rechartering Torsten Lodderstedt
- Re: [OAUTH-WG] Rechartering Eve Maler
- Re: [OAUTH-WG] Rechartering Eliot Lear
- Re: [OAUTH-WG] Rechartering Mark Mcgloin
- Re: [OAUTH-WG] Rechartering Anthony Nadalin
- Re: [OAUTH-WG] Rechartering Mike Jones
- Re: [OAUTH-WG] Rechartering Eve Maler
- Re: [OAUTH-WG] Rechartering Eran Hammer-Lahav
- [OAUTH-WG] Rechartering Hannes Tschofenig
- Re: [OAUTH-WG] Rechartering Eran Hammer-Lahav
- Re: [OAUTH-WG] Rechartering Barry Leiba
- Re: [OAUTH-WG] Rechartering Richer, Justin P.
- Re: [OAUTH-WG] Rechartering Hannes Tschofenig
- Re: [OAUTH-WG] Rechartering Eran Hammer-Lahav
- Re: [OAUTH-WG] Rechartering Eran Hammer-Lahav
- Re: [OAUTH-WG] Rechartering Mike Jones
- Re: [OAUTH-WG] Rechartering Eran Hammer-Lahav
- Re: [OAUTH-WG] Rechartering Hannes Tschofenig
- Re: [OAUTH-WG] Rechartering Igor Faynberg
- Re: [OAUTH-WG] Rechartering Torsten Lodderstedt
- Re: [OAUTH-WG] Rechartering Nat Sakimura
- Re: [OAUTH-WG] Rechartering Dan Taflin
- Re: [OAUTH-WG] Rechartering Dave Rochwerger
- Re: [OAUTH-WG] Rechartering Dan Taflin
- Re: [OAUTH-WG] Rechartering Dave Rochwerger
- Re: [OAUTH-WG] Rechartering Eran Hammer-Lahav
- Re: [OAUTH-WG] Rechartering Torsten Lodderstedt
- Re: [OAUTH-WG] Rechartering Igor Faynberg
- Re: [OAUTH-WG] Rechartering Nat Sakimura
- Re: [OAUTH-WG] Rechartering JSON based request. John Bradley
- Re: [OAUTH-WG] Rechartering John Bradley
- Re: [OAUTH-WG] Rechartering JSON based request. Torsten Lodderstedt
- Re: [OAUTH-WG] Rechartering JSON based request. Igor Faynberg
- Re: [OAUTH-WG] Rechartering JSON based request. Igor Faynberg
- Re: [OAUTH-WG] Rechartering JSON based request. John Bradley
- Re: [OAUTH-WG] Rechartering JSON based request. torsten
- Re: [OAUTH-WG] Rechartering JSON based request. Phil Hunt
- Re: [OAUTH-WG] Rechartering JSON based request. Mike Jones
- Re: [OAUTH-WG] Rechartering JSON based request. Phil Hunt
- Re: [OAUTH-WG] Rechartering Multi Token Ressponse. John Bradley
- Re: [OAUTH-WG] Rechartering JSON based request. George Fletcher
- Re: [OAUTH-WG] Rechartering JSON based request. Nat Sakimura
- Re: [OAUTH-WG] Rechartering Dick Hardt
- Re: [OAUTH-WG] Rechartering William Mills
- Re: [OAUTH-WG] Rechartering John Bradley
- Re: [OAUTH-WG] Rechartering Eran Hammer-Lahav
- Re: [OAUTH-WG] Rechartering Anthony Nadalin
- Re: [OAUTH-WG] Rechartering JSON based request. Torsten Lodderstedt
- Re: [OAUTH-WG] Rechartering JSON based request. John Bradley
- Re: [OAUTH-WG] Rechartering Dick Hardt