Re: [OAUTH-WG] Setting Course

David Recordon <recordond@gmail.com> Sat, 16 January 2010 04:06 UTC

From: David Recordon <recordond@gmail.com>
To: Eran Hammer-Lahav <eran@hueniverse.com>
Cc: OAuth WG <oauth@ietf.org>

Yes, those two drafts make sense.  From other threads it sounds like
we're making progress on the Authentication draft which will both
support signatures (à la OAuth 1.x) and plaintext plus SSL/TLS (à la
WRAP).  I'll try to start working toward consensus on the core flows
we'd like to support in the Authorization draft next week.

--David

On Wed, Jan 13, 2010 at 4:53 PM, Eran Hammer-Lahav <eran@hueniverse.com> wrote:
> I think the goal of the next two months is to produce two semi-stable drafts
> covering the two parts of the protocol:
>
> 1. Authentication - how to make authenticated requests / signed messages
> using token credentials. This will be based on my token auth draft [1] as a
> starting point. There are a few open issues to decide based on feedback
> received from Panzer and Eaton which I will post about shortly.
>
> 2. Authorization - how to obtain a set of token credentials using web
> redirection and other flows introduced by WRAP. This will be a new draft
> using the web-delegation draft [2] skeleton and the flows in WRAP section 5
> [3]. There are many open issues to decide, starting with which flows to
> keep, which to move to an extension, and if there are additional ones to
> add.
>
> These drafts will be locked before the WG meeting to allow review and will
> be discussed at the meeting. We will also discuss any charter changes
> required to accommodate the drafts. This approach will allow us to focus on
> the work and worry about the charter at the meeting. This will ensure we
> ground the process in actual technical consensus.
>
> Comments?
>
> EHL
>
> [1] http://tools.ietf.org/html/draft-hammer-http-token-auth
> [2] http://tools.ietf.org/html/draft-ietf-oauth-web-delegation
> [3] http://bit.ly/oauth-wrap