Re: [oauth] OAUTH Charter Proposal

"Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com> Mon, 02 February 2009 07:00 UTC

Hi Chris, 

First, small typo: "OAuth consist of:" should be "OAuth consists of:"

[hannes] Thanks. Fixed.

Second, w/r/t to this:


	Furthermore, Oauth 1.0 defines three signature methods used to
	protect requests, namely PLAINTEXT, HMAC-SHA1, and RSA-SHA1. The group
	will work on new signature methods in case the existing mechanisms do
	not fulfill the security requirements.


Where are the "security requirements" coming from? Are these defined
separately? Whose are they?

[hannes] I think a pragmatic approach is sensible here: a document that
describes a new mechanism might want to say what requirements guided the
solution and thereby provide some motivation.  

I was not thinking of an independent requirements document. I don't
think that it is time well spent.

Ciao
Hannes



Chris 

