Re: [OAUTH-WG] Rechartering

Mike Jones <Michael.Jones@microsoft.com> Thu, 20 October 2011 19:12 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, OAuth WG <oauth@ietf.org>
Date: Thu, 20 Oct 2011 19:11:42 +0000
Subject: Re: [OAUTH-WG] Rechartering

Thanks, Hannes.  Here's my prioritized list of new work:

1.  JSON Web Token (JWT)
2.  Simple Web Discovery (SWD)
3.  JSON Web Token (JWT) Bearer Token Profile
4.  Token Revocation

My prioritized list of existing work items to complete after the core and bearer specs is:

A.  Assertions Specification
B.  SAML Bearer Token Profile

I am ambivalent about whether the working group takes on most of the other work items.

Responding to Eran's comments on SWD versus host-meta, these specs have significantly different goals and use substantially different mechanisms with different privacy characteristics.  Also, if you compare the relative complexity of the example at http://tools.ietf.org/html/draft-hammer-hostmeta-17#appendix-A versus the example at http://tools.ietf.org/html/draft-jones-simple-web-discovery-01#section-1, you can see why SWD was chosen for use in OpenID Connect to discover OAuth authorization and resource server endpoints.

				-- Mike

-----Original Message-----
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
Sent: Wednesday, October 19, 2011 10:09 PM
To: OAuth WG
Subject: [OAUTH-WG] Rechartering

Hi all, 

In preparation for the upcoming IETF meeting, Barry and I would like to start a re-chartering discussion.  We both are currently attending the Internet Identity Workshop and so we had the chance to solicit input from the participants. This should serve as a discussion starter.

Potential future OAuth charter items (in random order): 

----------------

1) Dynamic Client Registration Protocol

Available document: 
http://datatracker.ietf.org/doc/draft-hardjono-oauth-dynreg/

2) Token Revocation

Available document: 
http://datatracker.ietf.org/doc/draft-lodderstedt-oauth-revocation/

3) UMA 

Available document: 
http://datatracker.ietf.org/doc/draft-hardjono-oauth-umacore/

4) Client Instance Extension

Available document:
http://tools.ietf.org/id/draft-richer-oauth-instance-00.txt

5) XML Encoding

Available document:
http://tools.ietf.org/id/draft-richer-oauth-xml-00.txt

6) JSON Web Token

Available document:
http://tools.ietf.org/html/draft-jones-json-web-token-05

7) JSON Web Token (JWT) Bearer Profile

Available document: 
http://tools.ietf.org/html/draft-jones-oauth-jwt-bearer-00

8) User Experience Extension

Available document:
http://tools.ietf.org/html/draft-recordon-oauth-v2-ux-00

9) Request by Reference

Available document: 
http://tools.ietf.org/html/draft-sakimura-oauth-requrl-00

10) Simple Web Discovery

Available document: 
http://tools.ietf.org/html/draft-jones-simple-web-discovery-00

----------------

We have the following questions: 

a) Are you interested in any of the above-listed items? (as a reviewer, co-author, implementer, or someone who would like to deploy). It is also useful to know if you think that we shouldn't work on a specific item. 

b) Are there other items you would like to see the group working on?

Note: In case your document is expired please re-submit it. 

Ciao
Hannes & Barry
