Re: [OAUTH-WG] Info on how to implement a server
Dick Hardt <dick.hardt@gmail.com> Sun, 18 August 2019 20:47 UTC
To: "Salz, Rich" <rsalz@akamai.com>
Cc: Hans Zandbelt <hans.zandbelt@zmartzone.eu>, John Bradley <ve7jtb@ve7jtb.com>, "oauth@ietf.org" <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/WsiwnGXWHlczt7jv3su4UTp7m8c>

What is the goal?

On Sun, Aug 18, 2019 at 12:41 PM Salz, Rich <rsalz@akamai.com> wrote:

> Thanks for the links, folks. I’m aware, and sorry for my sloppy
> terminology.
>
> Imagine a service where anyone with a valid identity is authorized. There
> are many of these on the net. Collapsing authentication to authorization
> (“everyone authenticated is authorized”) seems not unreasonable.
>
> But I don’t want to get distracted from my main goal. Thanks.
>
> From: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
> Date: Saturday, August 17, 2019 at 2:34 PM
> To: John Bradley <ve7jtb@ve7jtb.com>
> Cc: "oauth@ietf.org" <oauth@ietf.org>
> Subject: Re: [OAUTH-WG] Info on how to implement a server
>
> indeed OAuth != identity see https://oauth.net/articles/authentication/
>
> Hans.
>
> On Sat, Aug 17, 2019 at 8:31 PM John Bradley <ve7jtb@ve7jtb.com> wrote:
>
> The openID Connect kind of OAuth server.
>
> OAuth on its own is not designed to be secure for identity federation.
>
> John B.
>
> On 8/17/2019 1:23 PM, Salz, Rich wrote:
>
> What’s the WG consensus (heh) on the best guide to adding OAUTH support to
> an existing server so that it can act as an identity provider? Which
> version of oauth is most widely deployed by relying parties these days?
>
> I want to add OAUTH support to the IETF datatracker.
>
> Thanks for any pointers. Replies to me will be summarized for the list.
>
> /r$
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
> --
> hans.zandbelt@zmartzone.eu
> ZmartZone IAM - www.zmartzone.eu