Re: [OAUTH-WG] Call for Adoption: Stateless Client Identifier for OAuth 2

Justin Richer <jricher@mit.edu> Sun, 07 February 2016 23:06 UTC

To: Roland Hedberg <roland.hedberg@umu.se>, "oauth@ietf.org" <oauth@ietf.org>
References: <569E265D.2080703@gmx.net> <BY2PR03MB4429FB6A760EC392399B77BF5D10@BY2PR03MB442.namprd03.prod.outlook.com> <FAFA2AA7-B06F-4062-AADF-7940C986A06B@ve7jtb.com> <56B5DC45.5080407@lodderstedt.net> <CAAP42hD7wNRYaZfJgvdNY5zRgPWEV3rgjTtDNZa1gnMN1xL+SA@mail.gmail.com> <27468C38-9A52-4A3C-94BE-C37973739831@adm.umu.se>
From: Justin Richer <jricher@mit.edu>
Message-ID: <56B7CDED.7090203@mit.edu>
Date: Sun, 7 Feb 2016 18:06:21 -0500
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/Yi4x_L9xlVXqq_mb0brBNvm2UJ8>

There's already support for this, but just a quick reminder to the 
working group that we already hint at this capability in RFC7951:

    In some cases, authorization servers MAY choose to accept a software
    statement value directly as a client identifier in an authorization
    request, without a prior dynamic client registration having been
    performed.  The circumstances under which an authorization server
    would do so, and the specific software statement characteristics
    required in this case, are outside the scope of this specification.


(Last paragraph of section 2.3)

  -- Justin

On 2/7/2016 3:07 PM, Roland Hedberg wrote:
> +1
>
>> On 6 Feb 2016, at 19:56, William Denniss <wdenniss@google.com> wrote:
>>
>> +1 to adopt.
>>
>> I don't think we're planning to use this, but it looks useful and doesn't harm interoperability so I support it.
>>
>> On Sat, Feb 6, 2016 at 3:43 AM, Torsten Lodderstedt <torsten@lodderstedt.net> wrote:
>> +1
>>
>>
>> On 04.02.2016 at 17:37, John Bradley wrote:
>> I support it.
>>
>> I have always thought of this as informational.  It is not the only way to do it, and has no real interoperability impact.
>>
>> John B.
>> On Feb 4, 2016, at 3:29 AM, Mike Jones <Michael.Jones@microsoft.com> wrote:
>>
>> I support adoption of this document by the working group as either an experimental or information specification.
>>
>>                                  -- Mike
>>
>> -----Original Message-----
>> From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
>> Sent: Tuesday, January 19, 2016 4:05 AM
>> To: oauth@ietf.org
>> Subject: [OAUTH-WG] Call for Adoption: Stateless Client Identifier for OAuth 2
>>
>> Hi all,
>>
>> this is the call for adoption of Stateless Client Identifier for OAuth 2, see
>> https://tools.ietf.org/html/draft-bradley-oauth-stateless-client-id-02
>>
>> Please let us know by Feb 2nd whether you accept / object to the adoption of this document as a starting point for work in the OAuth working group.
>>
>> Ciao
>> Hannes & Derek
>>
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
> “Everybody should be quiet near a little stream and listen.”
> From ‘Open House for Butterflies’ by Ruth Krauss