Re: [OAUTH-WG] OAuth 1.0a

Mike Jones <Michael.Jones@microsoft.com> Tue, 14 August 2012 19:59 UTC

To: William Mills <wmills_92105@yahoo.com>, Torsten Lodderstedt <torsten@lodderstedt.net>
Cc: O Auth WG <oauth@ietf.org>

I’d replace MAC with Bearer

From: William Mills [mailto:wmills_92105@yahoo.com]
Sent: Tuesday, August 14, 2012 12:54 PM
To: Mike Jones; Torsten Lodderstedt
Cc: O Auth WG
Subject: Re: [OAUTH-WG] OAuth 1.0a

Yeah, I still need 1.0a to work which I was hoping to replace with MAC.

________________________________
From: Mike Jones <Michael.Jones@microsoft.com>
To: William Mills <wmills_92105@yahoo.com>; Torsten Lodderstedt <torsten@lodderstedt.net>
Cc: O Auth WG <oauth@ietf.org>
Sent: Tuesday, August 14, 2012 12:44 PM
Subject: RE: [OAUTH-WG] OAuth 1.0a

Agreed.  Use Bearer now.  If you have requirements that Bearer *can’t* meet, please use them as input to the working group’s future work.

-- Mike

From: Torsten Lodderstedt [mailto:torsten@lodderstedt.net]
Sent: Tuesday, August 14, 2012 12:43 PM
To: William Mills
Cc: Mike Jones; O Auth WG
Subject: Re: [OAUTH-WG] OAuth 1.0a

Hi Bill,

Do you need to specify this aspect of your SASL profile now? Why don't you wait for the group to complete the work on signing/HoK?

You could also contribute your use cases to drive the discussion.

best regards,
Torsten.
On 14.08.2012 21:37, William Mills wrote:
It's for the OAUTH SASL spec.  I've been writing it with the idea that OAuth 1.0a would work (since I think we'll have extant 1.0a type tokens we want to allow for IMAP), but several folks were saying when this all started that 1.0a was dead and I should not refer to it.

I want to make sure the SASL mechanism is built to properly handle signed auth schemes and not just bearer (cookie) type.

-bill

________________________________
From: Mike Jones <Michael.Jones@microsoft.com>
To: William Mills <wmills_92105@yahoo.com>; O Auth WG <oauth@ietf.org>
Sent: Tuesday, August 14, 2012 12:28 PM
Subject: RE: [OAUTH-WG] OAuth 1.0a

What problem are you trying to solve?

From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of William Mills
Sent: Tuesday, August 14, 2012 12:22 PM
To: O Auth WG
Subject: [OAUTH-WG] OAuth 1.0a

What's the general opinion on 1.0a?  Am I stepping in something if I refer to it in another draft?  I want to reference an auth scheme that uses signing and now MAC is apparently going back to the drawing board, so I'm thinking about using 1.0a.

Thanks,

-bill



