Re: [OAUTH-WG] Future of PoP Work

Ludwig Seitz <> Tue, 25 October 2016 05:50 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 2E8B912961B for <>; Mon, 24 Oct 2016 22:50:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id MXKm7QrBQRf6 for <>; Mon, 24 Oct 2016 22:50:53 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4010:c07::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A1FCC127735 for <>; Mon, 24 Oct 2016 22:50:52 -0700 (PDT)
Received: by with SMTP id m193so8825619lfm.4 for <>; Mon, 24 Oct 2016 22:50:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to; bh=x1gHOlExV/KqKqjJ2A1ew2N/11MFwJuEC5xV2ikXveU=; b=Bo1CtpSwn5FltU0wAiLUmgrSTh2Udz1UU/JkqMEjfKfTtlifrHpVndvIJa4AhKAbYi EdQXdohtrHBX73kqlwvbv5Sh0uS0UgR1pTM762d4ufDs0U4L109mdfdEn/fRLqHy7HjJ xCvQUKXCU8eB1zRs96ZtyhN1pTV5PZcUfGCPL+jpSSixWu23CAXvKuOoAiVfKysj7444 OnhkfBGuG8kd0Vb7FJC/8gNMzXb+QsR7L5iOzzGW8Tu2RBV3gKLC8a7YAR6mKUuqt7cM ostB5ZkWIOzCrwkiy5A4gx18nap2kTJA5lWOeEheyUr8KchQus192V1z45l1oEdOGvw7 Hx8g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to; bh=x1gHOlExV/KqKqjJ2A1ew2N/11MFwJuEC5xV2ikXveU=; b=BUbDipFo6TOMnX9bWOZGhqm+3wBtQZT/vLHTqaRMx0cmGsaMJIn5soiVxAXZ913x8E LRTYbwQx9oMbvkG7rL+wPrBI7v152QoqKmIhoooAIPYEkoCf1Q1OcktK4hA9kJHoPlA+ 5HULg8QrJwJ/3v7IuHyKg2tcfBLbOXcIsvtmDIkyHChgbp4Db9Rnm/N4mqStyfcQWGXh jReiYi4ES81QBuuHhvYWacItPE3MIUcRveN7IS5m+lUSaZ/+/H+yshL/z0sghPeq+G46 mDV6pSrJoYB9kgNly6UXANLntlkUM/VOyNJAAS727d877UktwW+HVr7ua6yR3FezD7bu 7hGg==
X-Gm-Message-State: ABUngvdAihZ2tpN6IecDEJs8iRQ9HDhO3GCB1H5hjSrFdsjJxe0rtixoYX3Y4NEGykDHL/hp
X-Received: by with SMTP id o68mr9376626lff.23.1477374650443; Mon, 24 Oct 2016 22:50:50 -0700 (PDT)
Received: from [] ([]) by with ESMTPSA id 85sm335851lfx.29.2016. for <> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 24 Oct 2016 22:50:49 -0700 (PDT)
References: <>
From: Ludwig Seitz <>
Message-ID: <>
Date: Tue, 25 Oct 2016 07:50:48 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.3.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms080505090505090407000503"
Archived-At: <>
Subject: Re: [OAUTH-WG] Future of PoP Work
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: OAUTH WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 25 Oct 2016 05:50:55 -0000

On 2016-10-19 20:45, Hannes Tschofenig wrote:
> Hi all,
> two questions surfaced at the last IETF meeting, namely
> 1) Do we want to proceed with the symmetric implementation of PoP or,
> alternatively, do we want to move it over to the ACE working group?
> 2) Do we want to continue the work on HTTP signing?
> We would appreciate your input on these two questions.
> Ciao
> Hannes & Derek


maybe my 2-cents as author of the ACE draft that needs PoP can 
contribute something here:

I would also prefer that you guys make the PoP specs and I just make a 
ACE profile on top of them. However the ACE work is moving forward and 
the PoP work at OAuth seems to be stuck.

I've currently taken what was available form draft-ietf-oauth-pop-* and 
moved the relevant text into draft-ietf-ace-oauth-authz (acknowledging 
the original authors of course), since it was unclear to me what the 
future status of the pop drafts would be.

I'm absolutely willing to remove the text again and reference an OAuth 
WG document instead, if I feel it will not significantly delay the 
progress of the ACE draft.

Hope this information helps in the decision making.



Ludwig Seitz, PhD   SICS Swedish ICT AB
Ideon Science Park, Building Beta 2
Scheelev├Ągen 17, SE-223 70 Lund
Phone +46(0)70-349 92 51

The RISE institutes SP, Swedish ICT and Innventia are merging in order 
to create a unified institute sector and become a stronger innovation 
partner for businesses and society. At the end of the year we will 
change our name to RISE.