[OAUTH-WG] Minutes from the OAuth Design Team Conference Call - 4th February 2013
Hannes Tschofenig <hannes.tschofenig@gmx.net> Wed, 06 February 2013 13:26 UTC
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1610321F85ED for <oauth@ietfa.amsl.com>; Wed, 6 Feb 2013 05:26:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -100.844
X-Spam-Level:
X-Spam-Status: No, score=-100.844 tagged_above=-999 required=5 tests=[AWL=-0.824, BAYES_00=-2.599, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_SORBS_WEB=0.619, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w8JZ0ec8shzv for <oauth@ietfa.amsl.com>; Wed, 6 Feb 2013 05:26:19 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) by ietfa.amsl.com (Postfix) with ESMTP id D4FE121F85D2 for <oauth@ietf.org>; Wed, 6 Feb 2013 05:26:18 -0800 (PST)
Received: from mailout-de.gmx.net ([10.1.76.16]) by mrigmx.server.lan (mrigmx002) with ESMTP (Nemesis) id 0MKwSE-1U350z3LiS-000523 for <oauth@ietf.org>; Wed, 06 Feb 2013 14:26:17 +0100
Received: (qmail invoked by alias); 06 Feb 2013 13:26:17 -0000
Received: from unknown (EHLO [10.255.135.174]) [194.251.119.201] by mail.gmx.net (mp016) with SMTP; 06 Feb 2013 14:26:17 +0100
X-Authenticated: #29516787
X-Provags-ID: V01U2FsdGVkX1+lUQA97KCl4QdVocPsTLER57UlIvdJQ14c6p1ueY Og06oPad/z4g6f
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Wed, 06 Feb 2013 15:26:16 +0200
Message-Id: <D9D3D934-D8B8-4ED3-BAD5-A604EC180031@gmx.net>
To: "oauth@ietf.org WG" <oauth@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1085)
X-Mailer: Apple Mail (2.1085)
X-Y-GMX-Trusted: 0
Subject: [OAUTH-WG] Minutes from the OAuth Design Team Conference Call - 4th February 2013
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Feb 2013 13:26:22 -0000
Here are my notes. Participants: * John Bradley * Derek Atkins * Phil Hunt * Prateek Mishra * George Fletcher * Bill Mills * Hannes Tschofenig Notes: We discussed the slides available at http://www.tschofenig.priv.at/OAuth2-Security-4Feb2013.ppt, which contained a summary of the earlier discussion to determine where we have a common view and where not. The entire meeting time was spent to discuss whether a solution at the HTTP layer or at the JSON level would be preferred. The view of the participants on this call indicated a preference for a solution at the HTTP level. The discussion about what HTTP elements should be covered by the keyed message digest indicated a preference for a flexible approach, similar to DKIM, where the list of included headers is carried in the message itself. The next conference call will take place Monday, 11th Feb. 2013.
- [OAUTH-WG] Minutes from the OAuth Design Team Con… Hannes Tschofenig