Re: [OAUTH-WG] First draft of OAuth 2.0

Anthony Nadalin <tonynad@microsoft.com> Wed, 24 March 2010 04:52 UTC

From: Anthony Nadalin <tonynad@microsoft.com>
To: David Recordon <recordond@gmail.com>, Torsten Lodderstedt <torsten@lodderstedt.net>, Chuck Mortimore <cmortimore@salesforce.com>, Mark Mcgloin <mark.mcgloin@ie.ibm.com>
Date: Wed, 24 Mar 2010 04:53:14 +0000
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] First draft of OAuth 2.0

I don't think that Microsoft ever indicated that we need the SAML flows.

-----Original Message-----
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of David Recordon
Sent: Tuesday, March 23, 2010 10:48 AM
To: Torsten Lodderstedt; Chuck Mortimore; Mark Mcgloin
Cc: OAuth WG
Subject: Re: [OAUTH-WG] First draft of OAuth 2.0

Hey Chuck,
Thanks for rewriting the SAML flow into the style of my draft!  I really appreciate it.

I originally dropped the SAML flow because I hadn't seen support for it on the mailing list(s) the past two months.  I think that our default should be making the spec as short and simple as possible so removed a few things from WRAP in order to start conversations like this one.  It's now clear that Google, Microsoft, Salesforce, and IBM all need the SAML profile.  Chuck, I'll merge your wording in.  Want to be listed as an author?

We're also going to need to figure out which flows should be in the core spec versus which should be developed at the same time but in individual documents.

Thanks,
--David

On Tue, Mar 23, 2010 at 4:50 AM, Torsten Lodderstedt <torsten@lodderstedt.net> wrote:
> +1 for assertion support
>
> what about enhancing the flow #2.4 to accept any kind of user 
> credentials (username/password, SAML assertions, other authz servers 
> tokens)
>
> regards,
> Torsten.
>
> On 23.03.2010 at 12:42, Mark Mcgloin <mark.mcgloin@ie.ibm.com> wrote:
>
>> +1 for assertion profile. Was there any reason why it was dropped?
>>
>> On 3/23/10, Chuck Mortimore wrote:
>>>
>>> Just getting a chance to review this - I apologize for not getting
>>> this before the meeting started.
>>>
>>> We'd like to see some form of an Assertion Profile, similar to
>>> section 5.2 from draft-hardt-oauth-01.   We have strong customer
>>> use-cases for an assertion based flow, specifically SAML bearer
>>> tokens, and I believe Microsoft may have already shipped a minor
>>> variation on this ( wrap_SAML ) in Azure.
>>
>>
>> Mark McGloin
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth