[OAUTH-WG] Shepherd Writeup for OAuth AMR

Hannes Tschofenig <hannes.tschofenig@gmx.net> Mon, 26 September 2016 12:02 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/VcWXnxCoM5g7lUiim-skNiXGToI>

Hi all,

Here is the writeup for OAuth AMR:
https://github.com/hannestschofenig/tschofenig-ids/blob/master/shepherd-writeups/Writeup_OAuth_AMR.txt

There are some questions regarding the normative references. Currently, 
the list of normative references contains documents that would be 
clarified as downrefs (since they are informational RFCs).

I wonder whether we could make the following references informative:

    [RFC4226]  M'Raihi, D., Bellare, M., Hoornaert, F., Naccache, D., and
               O. Ranen, "HOTP: An HMAC-Based One-Time Password
               Algorithm", RFC 4226, DOI 10.17487/RFC4226, December 2005,
               <http://www.rfc-editor.org/info/rfc4226>.


    [RFC6238]  M'Raihi, D., Machani, S., Pei, M., and J. Rydell, "TOTP:
               Time-Based One-Time Password Algorithm", RFC 6238,
               DOI 10.17487/RFC6238, May 2011,
               <http://www.rfc-editor.org/info/rfc6238>.

    [RFC4211]  Schaad, J., "Internet X.509 Public Key Infrastructure
               Certificate Request Message Format (CRMF)", RFC 4211,
               DOI 10.17487/RFC4211, September 2005,
               <http://www.rfc-editor.org/info/rfc4211>.

    [JECM]     Williamson, G., "Enhanced Authentication In Online
               Banking", Journal of Economic Crime Management 4.2: 18-19,
               2006,
               <http://utica.edu/academic/institutes/ecii/publications/
               articles/51D6D996-90F2-F468-AC09C4E8071575AE.pdf>.

    [MSDN]     Microsoft, "Integrated Windows Authentication with
               Negotiate", September 2011,
               <http://blogs.msdn.com/b/benjaminperkins/
               archive/2011/09/14/iis-integrated-windows-authentication-
               with-negotiate.aspx>.

    [NIST.800-63-2]
               National Institute of Standards and Technology (NIST),
               "Electronic Authentication Guideline", NIST Special
               Publication 800-63-2, August 2013,
               <http://nvlpubs.nist.gov/nistpubs/SpecialPublications/
               NIST.SP.800-63-2.pdf>.

Comments on the shepherd writeup are welcome.

Ciao
Hannes