IETF Logo Mail Archive

Re: [OAUTH-WG] OAuth 1.0a

Ryan Troll <rtroll@googlers.com> Tue, 14 August 2012 23:27 UTC

Return-Path: <rtroll@google.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D25421E80C4 for <oauth@ietfa.amsl.com>; Tue, 14 Aug 2012 16:27:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.676
X-Spam-Level:
X-Spam-Status: No, score=-102.676 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, J_CHICKENPOX_31=0.6, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 37jJRkcFJPiD for <oauth@ietfa.amsl.com>; Tue, 14 Aug 2012 16:27:47 -0700 (PDT)
Received: from mail-qc0-f172.google.com (mail-qc0-f172.google.com [209.85.216.172]) by ietfa.amsl.com (Postfix) with ESMTP id 6016621E80A4 for <oauth@ietf.org>; Tue, 14 Aug 2012 16:27:47 -0700 (PDT)
Received: by qcac10 with SMTP id c10so908038qca.31 for <oauth@ietf.org>; Tue, 14 Aug 2012 16:27:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlers.com; s=googlers; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:x-system-of-record; bh=kN7/OjTS8/xr7Q8flg0n8ccuGwrg0xewZsJ3WpMV8Bc=; b=HqWNCmLSeFOcb6F0Ok51V1Q9X156NHw1BE8oThlx6jOr1OwNWZZQw+huxLHO3y2kcj rIw8c9Pj7wk6J/eEmMzKv8p3quZZrQyaPFMs/9g2IczJCvz8LhopPgVne8lSct7FFvuA cYzWlXNE1ZyJjr1/1dugpALf8U4DwPUSwe2g8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:x-system-of-record:x-gm-message-state; bh=kN7/OjTS8/xr7Q8flg0n8ccuGwrg0xewZsJ3WpMV8Bc=; b=QG7X7ERAtgPcIX+MsJ9Y20JFPitDYwN/BnnEr/GR4SZk5Ck7w7M3zltWjz2MM6XP9e JOPiW9L+gaUo0Oi2+HVVhhGlDSi9F2qFWgZsln6JLgeWFwtMad8ku1grLhaQhWNhRaUs FeJUqCOOxz97hwqLj74XyFeaN+ra/m2aYjVaDZlNVU2Uc1t1HZWgN/NQn7scKmhzsm6K TbDgRtuOd53QiLpdczxBbx2BO+KpqIwutGNuS3uHulZUDx0X1futZ2pgOBWIAQPIWgPQ s4Z76+CzKD6I6v+Wx43sMrk9RsHxkOuZT+M9sqto2GYLiVmyoF3t0euT6q4R3YZg5+7x iQhA==
Received: by 10.229.134.202 with SMTP id k10mr467531qct.71.1344986866717; Tue, 14 Aug 2012 16:27:46 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.229.134.202 with SMTP id k10mr467521qct.71.1344986866466; Tue, 14 Aug 2012 16:27:46 -0700 (PDT)
Received: by 10.229.134.13 with HTTP; Tue, 14 Aug 2012 16:27:46 -0700 (PDT)
In-Reply-To: <CA388970-E08B-4C5E-A5BA-A8DC2CA9C4D5@gmail.com>
References: <1344972117.60342.YahooMailNeo@web31802.mail.mud.yahoo.com> <4E1F6AAD24975D4BA5B168042967394366777A7F@TK5EX14MBXC283.redmond.corp.microsoft.com> <1344973056.51964.YahooMailNeo@web31812.mail.mud.yahoo.com> <502AAA2D.1050404@lodderstedt.net> <1344974023.98979.YahooMailNeo@web31804.mail.mud.yahoo.com> <CA388970-E08B-4C5E-A5BA-A8DC2CA9C4D5@gmail.com>
Date: Tue, 14 Aug 2012 16:27:46 -0700
Message-ID: <CAPe4CjpVb7SgQLBRTMokNJ14q7Xc8Qezy7LLBMMfPiCMa0hkFg@mail.gmail.com>
From: Ryan Troll <rtroll@googlers.com>
To: Dick Hardt <dick.hardt@gmail.com>
Content-Type: multipart/alternative; boundary="00248c711815673fa004c74228a4"
X-System-Of-Record: true
X-Gm-Message-State: ALoCoQnjqiHBSOuCt6HG8XGlSexMKK4hDd6ibn4xAXd9VODKGztfvsJ0+X341+u2UigMFPTRvBKxYLZzWAG8TLMs8I1OTtMUnM9M2H2UkipQibhzotut8pIPKUHr6giMuga9z8ma6ER49ucekDK0gzW7+q2XuttcOrPrYRN5H5ObxBadsjobjuoMRpSzCTnFx+W/W8oPfhza
Cc: O Auth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth 1.0a
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Aug 2012 23:27:48 -0000

And our SASL for IMAP (and SMTP) support for OAuth 2.0 will be launching in
the very near future.

The implementation conforms to draft-ietf-kitten-sasl-oauth-03, except for
the mechanism name.  (We're launching with an alternate mechanism name, so
that we don't conflict with the standard when it is completed.)  Once this
standard is published, we'll also add support for it.

-R


On Tue, Aug 14, 2012 at 2:11 PM, Dick Hardt <dick.hardt@gmail.com> wrote:

> FYI: Google's SASL for IMAP is with OAuth 1.0A -- took me a while to get
> it working.
>
> On Aug 14, 2012, at 12:53 PM, William Mills wrote:
>
> I want to get the SASL work done.   HoK is interesting, but I've become
> convinced that it's not actually anything that needs it's own spec, you can
> do HoK with MAC or any other signed scheme by including the needed proof of
> ownership in the token.   HoK, however it works out, is unlikely to vary a
> lot from the elements that would currently be needed to support MAC or 1.0a
> and if needed can just extend the SASL mechanism.
>
> -bill
>
>   ------------------------------
> *From:* Torsten Lodderstedt <torsten@lodderstedt.net>
> *To:* William Mills <wmills_92105@yahoo.com>
> *Cc:* Mike Jones <Michael.Jones@microsoft.com>; O Auth WG <oauth@ietf.org>
>
> *Sent:* Tuesday, August 14, 2012 12:42 PM
> *Subject:* Re: [OAUTH-WG] OAuth 1.0a
>
>  Hi Bill,
>
> do you need to specify this aspect of your SASL profile now? Why don't you
> wait for the group to complete the work on signing/HoK?
>
> You could also contribute your use cases to drive the discussion.
>
> best regards,
> Torsten.
>
> Am 14.08.2012 21:37, schrieb William Mills:
>
>  It's for the OAUTH SASL spec.  I've been writing it with the idea that
> OAuth 1.0a would work (since I think we'll have extant 1.0a typ[e tokens we
> want to allow for IMAP), but several folks were saying when this all
> started that 1.0a was dead and I should not refer to it.
>
>  I want to make sure the SASL mechanism is build to properly handle
> signed auth schemes and not just bearer (cookie) type.
>
>  -bill
>
>    ------------------------------
> *From:* Mike Jones <Michael.Jones@microsoft.com><Michael.Jones@microsoft.com>
> *To:* William Mills <wmills_92105@yahoo.com> <wmills_92105@yahoo.com>; O
> Auth WG <oauth@ietf.org> <oauth@ietf.org>
> *Sent:* Tuesday, August 14, 2012 12:28 PM
> *Subject:* RE: [OAUTH-WG] OAuth 1.0a
>
>   What problem are you trying to solve?
>
>  *From:* oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org<oauth-bounces@ietf.org>]
> *On Behalf Of *William Mills
> *Sent:* Tuesday, August 14, 2012 12:22 PM
> *To:* O Auth WG
> *Subject:* [OAUTH-WG] OAuth 1.0a
>
>  What's the general opinion on 1.0a?  Am I stepping in something if I
> refer to it in another draft?  I want to reference an auth scheme that uses
> signing and now MAC is apparently going back to the drawing board, so I'm
> thinking about using 1.0a.
>
>  Thanks,
>
>  -bill
>
>
>
>
> _______________________________________________
> OAuth mailing listOAuth@ietf.orghttps://www.ietf.org/mailman/listinfo/oauth
>
>
>
>
>  _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>

v2.23.0 | Report a Bug | By Email