Re: [OAUTH-WG] OAuth & Authentication: What can go wrong?

"Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com> Fri, 12 September 2014 06:50 UTC

From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: Antonio Sanso <asanso@adobe.com>, Gil Kirkpatrick <gil.kirkpatrick@viewds.com>
Date: Fri, 12 Sep 2014 06:50:50 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/SvjPLafit3UWoWsp37KeJ3v2W7s
Cc: Derek Atkins <derek@ihtfp.com>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth & Authentication: What can go wrong?

And me.

-Tiru

From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Antonio Sanso
Sent: Friday, September 12, 2014 12:20 PM
To: Gil Kirkpatrick
Cc: Derek Atkins; oauth@ietf.org
Subject: Re: [OAUTH-WG] OAuth & Authentication: What can go wrong?

I would like to attend as well ...

regards

antonio

On Sep 12, 2014, at 3:00 AM, Gil Kirkpatrick <gil.kirkpatrick@viewds.com> wrote:


+1 for me.

------ Original Message ------
From: "John Bradley" <ve7jtb@ve7jtb.com>
To: "Nat Sakimura" <sakimura@gmail.com>
Cc: "Derek Atkins" <derek@ihtfp.com>; "oauth@ietf.org" <oauth@ietf.org>
Sent: 12/09/2014 9:30:50 AM
Subject: Re: [OAUTH-WG] OAuth & Authentication: What can go wrong?

And me

Sent from my iPhone

On Sep 11, 2014, at 7:49 PM, Nat Sakimura <sakimura@gmail.com> wrote:
Add me, too.

2014-09-12 7:32 GMT+09:00 Anthony Nadalin <tonynad@microsoft.com>:
Add me

-----Original Message-----
From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
Sent: Thursday, September 11, 2014 3:30 PM
To: oauth@ietf.org
Cc: Derek Atkins
Subject: [OAUTH-WG] OAuth & Authentication: What can go wrong?

Hi all,

at the last IETF meeting Mike gave a presentation about the draft-hunt-oauth-v2-user-a4c and the conclusion following the discussion was to discuss the problems that happen when OAuth gets used for authentication.

The goal of this effort is to document the problems in an informational document.

Conference calls could start in about 2 weeks and we would like to know who would be interested to participate in such a discussion.

Please drop us a private mail so that we can find suitable dates/times.

Ciao
Hannes & Derek
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth



--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en