Re: [OAUTH-WG] Info on how to implement a server

Dick Hardt <dick.hardt@gmail.com> Sun, 18 August 2019 20:47 UTC


What is the goal?

On Sun, Aug 18, 2019 at 12:41 PM Salz, Rich <rsalz@akamai.com> wrote:

> Thanks for the links, folks.  I’m aware, and sorry for my sloppy
> terminology.
>
> Imagine a service where anyone with a valid identity is authorized. There
> are many of these on the net. Collapsing authentication to authorization
> (“everyone authenticated is authorized”) seems not unreasonable.
>
> But I don’t want to get distracted from my main goal.  Thanks.
>
> *From: *Hans Zandbelt <hans.zandbelt@zmartzone.eu>
> *Date: *Saturday, August 17, 2019 at 2:34 PM
> *To: *John Bradley <ve7jtb@ve7jtb.com>
> *Cc: *"oauth@ietf.org" <oauth@ietf.org>
> *Subject: *Re: [OAUTH-WG] Info on how to implement a server
>
> indeed OAuth != identity see https://oauth.net/articles/authentication/
>
> Hans.
>
> On Sat, Aug 17, 2019 at 8:31 PM John Bradley <ve7jtb@ve7jtb.com> wrote:
>
> The openID Connect kind of OAuth server.
>
> OAuth on its own is not designed to be secure for identity federation.
>
> John B.
>
> On 8/17/2019 1:23 PM, Salz, Rich wrote:
>
> What’s the WG consensus (heh) on the best guide to adding OAUTH support to
> an existing server so that it can act as an identity provider?  Which
> version of oauth is most widely deployed by relying parties these days?
>
> I want to add OAUTH support to the IETF datatracker.
>
> Thanks for any pointers.  Replies to me will be summarized for the list.
>
>                 /r$
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
> --
> hans.zandbelt@zmartzone.eu
> ZmartZone IAM - www.zmartzone.eu
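The point John and Hans make (OAuth alone is not an identity protocol; OpenID Connect adds the ID token a relying party can actually verify), as an added example that is not from any poster: the relying-party checks from OpenID Connect Core section 3.1.3.7, including the audience binding that a bare access token does not give you. It assumes an HS256 shared secret and constructed claims so it runs offline; real providers sign ID tokens with keys published in their JWKS, and the client id and issuer below are made up.

```python
import base64, hashlib, hmac, json

# Constructed HS256 secret standing in for the provider's signing key so the example runs
# offline; real OpenID Connect providers normally sign ID tokens with RS256 keys from their JWKS.
SECRET = b"example-shared-secret-not-for-production"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_hs256(claims: dict) -> str:
    # Mint a compact JWT the way the (assumed) provider would.
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"

def validate_id_token(token: str, issuer: str, client_id: str, nonce: str, now: int) -> dict:
    """ID token validation per OpenID Connect Core 3.1.3.7; raises ValueError on the first failure."""
    header_b64, body_b64, sig_b64 = token.split(".")
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # only accept the algorithm you expect from this provider
    expected = hmac.new(SECRET, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_b64))
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if client_id not in aud:  # audience binding: the check a plain access token does not give a relying party
        raise ValueError("token not issued to this client")
    if len(aud) > 1 and claims.get("azp") != client_id:
        raise ValueError("azp mismatch")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    if claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch")
    return claims

def demo() -> tuple:
    # Accept a token issued to this client; refuse the same user's token issued to another app.
    now, base = 1566161248, {"iss": "https://op.example", "sub": "user-42", "iat": 1566161248, "nonce": "n-1"}
    good = sign_hs256({**base, "aud": "datatracker-client", "exp": now + 300})
    other = sign_hs256({**base, "aud": "some-other-app", "exp": now + 300})
    sub = validate_id_token(good, "https://op.example", "datatracker-client", "n-1", now)["sub"]
    try:
        validate_id_token(other, "https://op.example", "datatracker-client", "n-1", now)
        return sub, False
    except ValueError:
        return sub, True
```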