[OAUTH-WG] Fwd: IETF#89 OAuth Meeting Summary
Hannes Tschofenig <hannes.tschofenig@gmx.net> Tue, 04 March 2014 18:06 UTC
Message-ID: <53161606.9000404@gmx.net>
Date: Tue, 04 Mar 2014 19:05:58 +0100
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
To: oauth@ietf.org
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/Vn7_g0kW1qcT1PFN8DJgL2_CQq4
FYI: Here is the summary I sent to the SAAG list.

-------- Original Message --------
Subject: IETF#89 OAuth Meeting Summary
Date: Tue, 04 Mar 2014 17:59:00 +0100
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
To: saag@ietf.org

This morning we had our OAuth working group meeting and here is a short summary of the discussion.

* JSON Web Token (JWT)

Mike Jones, specification editor, has updated the specification to incorporate the remaining WGLC review comments. The reviewers will have to check whether their feedback has been addressed appropriately. The document is then ready to be forwarded to the IESG for publication but the completion will depend on the finalization of the work in the JOSE WG. The chairs will work on the shepherd write-up.

* Assertions

The group worked on the use of assertions for client authentication as well as an authorization grant type. The work is documented in three specifications (draft-ietf-oauth-assertions-14, draft-ietf-oauth-jwt-bearer-07, and draft-ietf-oauth-saml2-bearer-18). The assertion framework and the SAML bearer specification are completed and waiting for a publication request by the chairs. During the meeting we decided to put the third document, draft-ietf-oauth-jwt-bearer-07, forward to the IESG at the same time as the other two documents for easier readability. Since draft-ietf-oauth-jwt-bearer-07 depends on the completion of the JWT specification, and that furthermore depends on the work in the JOSE WG to complete, there might be a little bit of delay.

* Dynamic Client Registration

A large part of the time was used to discuss this topic. There are currently three documents:

- Core: draft-ietf-oauth-dyn-reg-16
- Meta-data: draft-ietf-oauth-dyn-reg-metadata-00
- Management: draft-ietf-oauth-dyn-reg-management-00

The core and meta-data were seen as rather uncontroversial but these two documents will require reviews and several persons volunteered. The management specification, however, raised questions. Concerns were raised about the maturity of the work and suggestions were to add text to the draft to highlight that it is only one possible solution. Changing the document to an Informational or Experimental document was also suggested. The chairs will schedule an informal discussion during this IETF week to get a better understanding of the software development lifecycle and the associated requirements for management of credentials and configuration parameters.

* Security

The chairs presented a summary of the current state of the work for developing mechanisms that provide security properties beyond bearer tokens. The bearer token concept is described in RFC 6750. Currently, the solutions are documented in draft-ietf-oauth-v2-http-mac-05, and draft-tschofenig-oauth-hotk-03. Based on a discussion last Sunday morning the existing documents will be re-structured and the f2f meeting was used to solicit feedback. We hope to have text within the next few weeks so that those who are deploying solutions already today can be involved in the work. A charter and a milestone update will be necessary to accommodate for the document split.