Re: [OAUTH-WG] Which draft to use as a starting point for 'using a token'?

Dick Hardt <dick.hardt@gmail.com> Thu, 11 February 2010 03:52 UTC

How about using draft-hardt-oauth-wrap and adding a section for how the Client can sign?

-- Dick

On 2010-02-04, at 11:28 PM, Eran Hammer-Lahav wrote:

> On the call today I clarified what is going on with all the different drafts. In brief:
> 
> draft-hammer-oauth - documentation of the OAuth 1.0 Rev A (with changes) protocol. This is done and should be approved by the IESG shortly for publication.
> 
> draft-ietf-oauth-authentication - the part of OAuth 1.0 dealing with 'how to use a token after you obtain it'.
> draft-ietf-oauth-web-delegation - the part of OAuth 1.0 rev A dealing with 'getting a token'.
> 
> draft-hammer-http-token-auth - an alternative proposal (meant to replace draft-ietf-oauth-authentication) which builds on top of OAuth 1.0 but cleans up the structure and removes the client credentials when accessing protected resources. It also changes how the request is normalized into a string before signing.
> 
> We have three options for moving forward with 'how to use a token'. Start with:
> 
> 1. draft-ietf-oauth-authentication
> 2. draft-hammer-http-token-auth
> 3. something else*
> 
> * Do not suggest something else unless you are going to submit a proposal. It doesn't have to be an I-D, I am happy to do the editorial work but I will need a detailed proposal that is enough to turn into a specification.
> 
> Pick.
> 
> EHL