Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth
Torsten Lodderstedt <torsten@lodderstedt.net> Tue, 01 September 2015 16:03 UTC
From: Torsten Lodderstedt <torsten@lodderstedt.net>
Date: Tue, 01 Sep 2015 17:56:29 +0200
To: Mike Jones <Michael.Jones@microsoft.com>, Bill Mills <wimills@microsoft.com>, Phil Hunt <phil.hunt@oracle.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>
Message-ID: <4FCA2B2B-8AF8-464D-91ED-793D295C8DCB@lodderstedt.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/VUGUncledls3QSPsOcgJc8kv34g>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth

+1

On 1 September 2015 17:44:12 CEST, Mike Jones <Michael.Jones@microsoft.com> wrote:
>Congratulations, Bill!
>
>-----Original Message-----
>From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Phil Hunt
>Sent: Tuesday, September 01, 2015 8:14 AM
>To: Hannes Tschofenig
>Cc: oauth@ietf.org
>Subject: Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth
>
>+1 !
>
>Phil
>
>> On Aug 31, 2015, at 23:24, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
>>
>> FYI: Thanks to Bill for the hard work!
>>
>> -------- Forwarded Message --------
>> Subject: RFC 7628 on A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth
>> Date: Mon, 31 Aug 2015 21:56:17 -0700 (PDT)
>> From: rfc-editor@rfc-editor.org
>> Reply-To: ietf@ietf.org
>> To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
>> CC: kitten@ietf.org, drafts-update-ref@iana.org, rfc-editor@rfc-editor.org
>>
>> A new Request for Comments is now available in online RFC libraries.
>>
>>
>> RFC 7628
>>
>> Title: A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth
>> Author: W. Mills, T. Showalter, H. Tschofenig
>> Status: Standards Track
>> Stream: IETF
>> Date: August 2015
>> Mailbox: wmills_92105@yahoo.com, tjs@psaux.com, Hannes.Tschofenig@gmx.net
>> Pages: 21
>> Characters: 46408
>> Updates/Obsoletes/SeeAlso: None
>>
>> I-D Tag: draft-ietf-kitten-sasl-oauth-23.txt
>>
>> URL: https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.rfc-editor.org%2finfo%2frfc7628&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=J1hIDrCTw8Xi1hMvg3ZaZ1xvdEFhol3BqHt2q6u6VWg%3d
>>
>> DOI: https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fdx.doi.org%2f10.17487%2fRFC7628&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=%2fQVXZSXwbGDS7YVQ446RDFuPUxHNoLLwedzfrx0xKUE%3d
>>
>> OAuth enables a third-party application to obtain limited access to a
>> protected resource, either on behalf of a resource owner by
>> orchestrating an approval interaction or by allowing the third-party
>> application to obtain access on its own behalf.
>>
>> This document defines how an application client uses credentials
>> obtained via OAuth over the Simple Authentication and Security Layer
>> (SASL) to access a protected resource at a resource server. Thereby,
>> it enables schemes defined within the OAuth framework for
>> non-HTTP-based application protocols.
>>
>> Clients typically store the user's long-term credential. This does,
>> however, lead to significant security vulnerabilities, for example,
>> when such a credential leaks. A significant benefit of OAuth for
>> usage in those clients is that the password is replaced by a shared
>> secret with higher entropy, i.e., the token. Tokens typically provide
>> limited access rights and can be managed and revoked separately from
>> the user's long-term password.
>>
>> This document is a product of the Common Authentication Technology
>> Next Generation Working Group of the IETF.
>>
>> This is now a Proposed Standard.
>>
>> STANDARDS TRACK: This document specifies an Internet Standards Track
>> protocol for the Internet community, and requests discussion and
>> suggestions for improvements. Please refer to the current edition of
>> the Official Internet Protocol Standards
>> (https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.rfc-editor.org%2fstandards&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=7JPZiamj4nhqHgthEPDIzgpqkvR%2fAA6bj4Ck5vijFPU%3d)
>> for the standardization state and status of this protocol.
>> Distribution of this memo is unlimited.
>>
>> This announcement is sent to the IETF-Announce and rfc-dist lists.
>> To subscribe or unsubscribe, see
>> https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2fietf-announce&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=aGciLH4fsxKJ6MUO%2fPp6BMj3JFJ37oTjdaSJ5tWbEkg%3d
>> https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fmailman.rfc-editor.org%2fmailman%2flistinfo%2frfc-dist&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=agec9juMh0Zzn1mrY6avpBrLPlFfCs8zsyx8bSLgDdc%3d
>>
>> For searching the RFC series, see
>> https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.rfc-editor.org%2fsearch&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=veVw3wrA9Wz6CWTUfVTLCKAdduFgUDkiaabcuqFyRxc%3d
>> For downloading RFCs, see
>> https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.rfc-editor.org%2frfc.html&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=93atgoSh8enZBPOxNfMophuutPvidnrfoMxOc0XmjS8%3d
>>
>> Requests for special distribution should be addressed to either the
>> author of the RFC in question, or to rfc-editor@rfc-editor.org.
>> Unless specifically noted otherwise on the RFC itself, all RFCs are
>> for unlimited distribution.
>>
>>
>> The RFC Editor Team
>> Association Management Solutions, LLC
>>
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2foauth&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=ILpgvSqnqwWhHs7BAm7xXpjoUdVRhJhB2G3m%2fTn%2b6gU%3d
>
>_______________________________________________
>OAuth mailing list
>OAuth@ietf.org
>https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2foauth&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=ILpgvSqnqwWhHs7BAm7xXpjoUdVRhJhB2G3m%2fTn%2b6gU%3d
>
>_______________________________________________
>OAuth mailing list
>OAuth@ietf.org
>https://www.ietf.org/mailman/listinfo/oauth