Re: [OAUTH-WG] Fwd: New Version Notification for draft-hunt-oauth-v2-user-a4c-01.txt
Sergey Beryozkin <sberyozkin@gmail.com> Wed, 28 August 2013 09:27 UTC
Hi Phil,

I have a question, re:

"The authorization server MUST:
-Perform the normal OAuth2 authorization process,
-MAY elect not to request consent if no access token is to be issued (i.e. this is an authentication only request),
"

This last statement confuses me, given that the Authentication Response "is identical to the one described in Section 4.1.2 [RFC6749]."

In other words, the client may only request the login but get the 'code' back without the user consent?

This seems wrong but maybe I'm missing something?

Thanks, Sergey

>
> On 2013-08-27, at 12:52 PM, Phil Hunt <phil.hunt@oracle.com
> <mailto:phil.hunt@oracle.com>> wrote:
>
>> FYI. Based on feedback from Berlin, Tony and I have revised the draft
>> to include:
>>
>> * Alignment with OpenID Connect (using id_token)
>> * Always returns a JWT
>> * Minimum assertion level on request
>> * Return information about the type of authentication performed
>>
>> Thanks for your input.
>>
>> Phil
>>
>> @independentid
>> www.independentid.com <http://www.independentid.com/>
>> phil.hunt@oracle.com <mailto:phil.hunt@oracle.com>
>>
>>
>> Begin forwarded message:
>>
>>> *From: *internet-drafts@ietf.org <mailto:internet-drafts@ietf.org>
>>> *Subject: **New Version Notification for
>>> draft-hunt-oauth-v2-user-a4c-01.txt*
>>> *Date: *27 August, 2013 8:56:45 AM PDT
>>> *To: *Phil Hunt <phil.hunt@yahoo.com <mailto:phil.hunt@yahoo.com>>,
>>> Anthony Nadalin <tonynad@microsoft.com
>>> <mailto:tonynad@microsoft.com>>, Tony Nadalin <tonynad@microsoft.com
>>> <mailto:tonynad@microsoft.com>>
>>>
>>>
>>> A new version of I-D, draft-hunt-oauth-v2-user-a4c-01.txt
>>> has been successfully submitted by Phil Hunt and posted to the
>>> IETF repository.
>>>
>>> Filename: draft-hunt-oauth-v2-user-a4c
>>> Revision: 01
>>> Title: OAuth 2.0 User Authentication and Consent For Clients
>>> Creation date: 2013-08-27
>>> Group: Individual Submission
>>> Number of pages: 10
>>> URL:
>>> http://www.ietf.org/internet-drafts/draft-hunt-oauth-v2-user-a4c-01.txt
>>> Status: http://datatracker.ietf.org/doc/draft-hunt-oauth-v2-user-a4c
>>> Htmlized: http://tools.ietf.org/html/draft-hunt-oauth-v2-user-a4c-01
>>> Diff: http://www.ietf.org/rfcdiff?url2=draft-hunt-oauth-v2-user-a4c-01
>>>
>>> Abstract:
>>> This specification defines a new OAuth2 endpoint that enables user
>>> authentication session and consent information to be shared with
>>> client applications.
>>>
>>>
>>> Please note that it may take a couple of minutes from the time of
>>> submission
>>> until the htmlized version and diff are available at tools.ietf.org
>>> <http://tools.ietf.org/>.
>>>
>>> The IETF Secretariat