Re: [oauth] OAUTH Charter Proposal

Eran Hammer-Lahav <eran@hueniverse.com> Mon, 02 February 2009 18:50 UTC

Of course, even 'delegation' is a problematic term. HTTP Basic auth is not considered a delegation protocol but it really is. The End User gives the User Agent some credentials to access resources on its behalf on the Web Server. There is no restriction in Basic auth about the number of credentials used, so there could be a special one to give the browser.

Hmm. I guess that makes OAuth a 'goddamn goddamn protocol', if we replace all the problematic words... of course that does not help us at all.

I would not waste too much time trying to find a one-liner to describe the protocol. And when in doubt, the Core 1.0 spec defines a framework for us to work with, and can always be used to draw the lines of what we are trying to solve.

EHL

_______________________________________________
oauth mailing list
oauth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth