Re: [OAUTH-WG] OAuth & Authentication: What can go wrong?

Anthony Nadalin <tonynad@microsoft.com> Thu, 11 September 2014 22:32 UTC

From: Anthony Nadalin <tonynad@microsoft.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org" <oauth@ietf.org>
Date: Thu, 11 Sep 2014 22:32:05 +0000
Message-ID: <1a2eb1cb9138414c83c258a73f92e413@BLUPR03MB309.namprd03.prod.outlook.com>
References: <54122280.1030609@gmx.net>
In-Reply-To: <54122280.1030609@gmx.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/ZOHdkfwLjcC-g40bQXmj73eFteo
Cc: Derek Atkins <derek@ihtfp.com>
Subject: Re: [OAUTH-WG] OAuth & Authentication: What can go wrong?

Add me

-----Original Message-----
From: OAuth [mailto:oauth-bounces@ietf.org] On Behalf Of Hannes Tschofenig
Sent: Thursday, September 11, 2014 3:30 PM
To: oauth@ietf.org
Cc: Derek Atkins
Subject: [OAUTH-WG] OAuth & Authentication: What can go wrong?

Hi all,

At the last IETF meeting Mike gave a presentation about draft-hunt-oauth-v2-user-a4c, and the conclusion following the discussion was to discuss the problems that happen when OAuth gets used for authentication.

The goal of this effort is to document the problems in an informational document.

Conference calls could start in about 2 weeks and we would like to know who would be interested in participating in such a discussion.

Please drop us a private mail so that we can find suitable dates/times.

Ciao
Hannes & Derek