Re: [OAUTH-WG] OAuth in the news again....

Bill Mills <wmills_92105@yahoo.com> Tue, 02 December 2014 00:51 UTC

Return-Path: <wmills_92105@yahoo.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB95E1ACDF2 for <oauth@ietfa.amsl.com>; Mon, 1 Dec 2014 16:51:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.191
X-Spam-Level: *
X-Spam-Status: No, score=1.191 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, FREEMAIL_REPLYTO_END_DIGIT=0.25, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oqPfeGzrTW_y for <oauth@ietfa.amsl.com>; Mon, 1 Dec 2014 16:51:40 -0800 (PST)
Received: from nm15.bullet.mail.bf1.yahoo.com (nm15.bullet.mail.bf1.yahoo.com [98.139.212.174]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 07DC81ACDDF for <oauth@ietf.org>; Mon, 1 Dec 2014 16:51:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1417481499; bh=L6rJeLD+YU4P6HgQc0td03FlZd123p35rtt8Pj/6VhM=; h=Date:From:Reply-To:To:Cc:In-Reply-To:References:Subject:From:Subject; b=DsqpfSs8tg/YNqf+gHNj3saK6s/UV6H8Uf+H72eDrdywYzYBjfpVrcWvLh8eAcM5eF8oenMnRoS8BgsPaRtdyODNRFweZbsmko/bDV6x1Ql/8Jf2wX5O46iGZbxPMV/6dqjQxTAtX7ZVyNITTnr2UNQdd8fQAFzAK2RjvBw0tfkjAGVcfAcuwSuvkqlfl+LRHGmSJW6mvxwFTtk33XNm0odvKM5tuK3wOEyvCarlNW2Zd1GcpkM+36yHULGrTRWR7X79oEPep2UujmUVg8/nxbty3VF2Stvkz+qx/Eds1SdsVDsiwrCNch99+6yIQ0V0YRkv7yVo7PhJRMv2mu3qzQ==
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s2048; d=yahoo.com; b=BpLNswfefqtyjMeIAjNWxABteblbvvYBjZ/ssHPyPmuKz5+BCXj9e9iB6UriebY4kMCLyX6WML+7lG7xUa30F/5cxFRbAlCeiZ2jPG+eXnls5WIbEdMu+rYI0LUecyQ4Pn0vnzXdxTS72FyyFz0fBsp5yXzoEpRxNVIqflyrVgxOtBhN6jii+sh8EpVYzt08ANl3+0xw+6mmnXrlbvDH35q9seXOINXYb0DuxF7wCa5sBil8crB5xuEN0ApcDo+C9KBWXKIOyu3p8bdJKuaE31LczPltBhjj1yVK1SexxdsKD0OOhxa4sfpOfnd1a2Ji+wz0GQ0WjFGXoBTClCvuPA==;
Received: from [66.196.81.173] by nm15.bullet.mail.bf1.yahoo.com with NNFMP; 02 Dec 2014 00:51:39 -0000
Received: from [98.139.212.243] by tm19.bullet.mail.bf1.yahoo.com with NNFMP; 02 Dec 2014 00:51:39 -0000
Received: from [127.0.0.1] by omp1052.mail.bf1.yahoo.com with NNFMP; 02 Dec 2014 00:51:39 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 147161.58683.bm@omp1052.mail.bf1.yahoo.com
X-YMail-OSG: g6SSMQ8VM1mc.AlI4AoMF0V8r9g4kn8za1f6S2yQjOmhqPbDSyB355OsrM8MHUa hMi0pTGTIa.jYmq4U7cvofjkIx75TdCbKvok3HiPk1oWeALSHxkjzCFJUto.kqQAS3ec47u1R1eS skxyPB_LMbIclguGZZFdZs4YK.nuTOpdmUIu7ni4MRZzjqe3luhN2nyobrLwVvZ7.ehRUtp1cbeg bEXyhlekwpo0PLZXG21_QJzbDcIx4qHBQic9I0LF95Uvryi8DXjtiANBh7MdYSNdKwpbdSo15aEb iE2n3OIp7lh_eMuYPho3nOybHNPm4qxzyEXY3MHBJa4DIkWD86SykyKSHaAIvg_gLZUeW2PKd9PJ aXaUKfmQNkWI81Ou8GrYUaP0hK2jkAMmgrbKcCXpGRG.pQ5BjJfOwog6x2XQ5mQ22cFuROilBRQH CJ1P6NS7VbHaTScANhBsZK.J9KUWS8yAh9vPOKCS.z2HsbGZ0ETrR1eiRTk4OFaX14q2xw6BbWpo-
Received: by 76.13.26.159; Tue, 02 Dec 2014 00:51:38 +0000
Date: Tue, 02 Dec 2014 00:51:38 +0000
From: Bill Mills <wmills_92105@yahoo.com>
To: Nat Sakimura <sakimura@gmail.com>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, John Bradley <ve7jtb@ve7jtb.com>
Message-ID: <20822968.1652156.1417481498275.JavaMail.yahoo@jws10602.mail.bf1.yahoo.com>
In-Reply-To: <CABzCy2BNSj7-37F9DkTawTBHUn5y98pHv2p0feDO5CM7635L7g@mail.gmail.com>
References: <547C9669.3060802@gmx.net> <7B8DD27E-A180-4A13-869E-884F01E2DE36@ve7jtb.com> <547CBA40.3080004@gmx.net> <CABzCy2BNSj7-37F9DkTawTBHUn5y98pHv2p0feDO5CM7635L7g@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_1652155_1579151967.1417481498273"
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/WZacOZbM1g7c5KCW87lLwtTgQZY
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth in the news again....
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: Bill Mills <wmills_92105@yahoo.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Dec 2014 00:51:44 -0000

Mis-stated perhaps, but it's highlighting a core problem we punt on at the protocol layer.  FB as the example here tries to make teh friction of using a FB login as low as possible, and so the user consent stuff is dialed down to the very minimum of acceptable.  This is the common pattern, get a user consent and you're covered legally and then the drive is to make that consent as minimally invasive (read effective) as possible.