Re: [OAUTH-WG] OAuth WG Re-Chartering

Mike Jones <Michael.Jones@microsoft.com> Thu, 22 March 2012 18:04 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Justin Richer <jricher@mitre.org>, "oauth@ietf.org" <oauth@ietf.org>
Date: Thu, 22 Mar 2012 18:04:28 +0000

I agree that a goal of any OAuth dynamic registration work should be that it can be extended to meet the requirements of the OpenID Connect use case.  I'm sure that extensions would be required, as the Connect registration spec intentionally has knowledge built into it that is specific to choices made in Connect.  For instance, it provides ways to specify requested signature and encryption algorithms for JWTs used as ID Tokens and for signing and/or encrypting UserInfo Endpoint responses; it allows requested Authentication Context Class References to be specified, etc.

If a generic OAuth dynamic registration spec can't be extended to meet these use case needs, that would be a clear failure.  Extensions would be needed because this more specific functionality would likely not be in the more generic, presumably token-type-agnostic OAuth spec.

Also, as a timing issue, I expect the OpenID Connect specs to be final before there's a complete OAuth dynamic registration spec, for what it's worth.

                                                            -- Mike

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Justin Richer
Sent: Thursday, March 22, 2012 10:36 AM
To: oauth@ietf.org
Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering

I think it's a matter of politics and semantics: The real question is what do we officially build the IETF version off of? The WG can't officially start with the OIDF document due to IETF process, which makes sense. But there's nothing that says we can't start with Thomas's draft and be heavily influenced by the Connect draft, and make a new one as a real starting point for conversation.

If the Connect implementation still needs specific things, it can extend or profile the IETF version, and remain an OIDF document that normatively references the IETF document. This is where I see some real value -- the WG can focus on making a solid interoperable registration piece that different applications can extend and use as they see fit for the particulars of their use cases.

Does this pass muster with everyone?

 -- Justin

On 03/22/2012 01:26 PM, Mike Jones wrote:
I agree with John that submitting the OpenID Connect dynamic client registration spec to the IETF would make no sense.  It is intentionally specific to the requirements of the Connect use case.

I sent the link to it only so people could compare them, if interested.

-- Mike
________________________________
From: John Bradley
Sent: 3/22/2012 9:43 AM
To: Phil Hunt
Cc: Mike Jones; oauth@ietf.org
Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering

It is an OIDF spec at the moment.  We don't have any plan to submit it currently.

If there is a WG desire for that to happen the OIDF board would have to discuss making a submission.

All in all I don't know that it is worth the IPR Lawyer time, as Thomas has a quite similar ID Submission.

Anything is possible however.

John B.
On 2012-03-22, at 1:24 PM, Phil Hunt wrote:


Would the plan be for the Connect Registration spec to be submitted to IETF so they can become WG drafts?

The spec seems like a good starting point.

Phil

@independentid

[The entire original message is not included.]



