IETF Logo Mail Archive

Re: [OAUTH-WG] First draft of OAuth 2.0

Torsten Lodderstedt <torsten@lodderstedt.net> Tue, 23 March 2010 11:50 UTC

Return-Path: <torsten@lodderstedt.net>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A9E243A67FD for <oauth@core3.amsl.com>; Tue, 23 Mar 2010 04:50:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.481
X-Spam-Level: *
X-Spam-Status: No, score=1.481 tagged_above=-999 required=5 tests=[BAYES_50=0.001, DNS_FROM_OPENWHOIS=1.13, HELO_EQ_DE=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rBihPiACt+KQ for <oauth@core3.amsl.com>; Tue, 23 Mar 2010 04:50:37 -0700 (PDT)
Received: from smtprelay02.ispgateway.de (smtprelay02.ispgateway.de [80.67.31.40]) by core3.amsl.com (Postfix) with ESMTP id B9D393A6781 for <oauth@ietf.org>; Tue, 23 Mar 2010 04:50:37 -0700 (PDT)
Received: from [80.187.98.16] (helo=[10.200.10.80]) by smtprelay02.ispgateway.de with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.68) (envelope-from <torsten@lodderstedt.net>) id 1Nu2dJ-0004Pm-CQ; Tue, 23 Mar 2010 12:50:53 +0100
References: <OFF96BDDB5.0F452F7D-ON802576EF.003FF4EA-802576EF.0040455E@ie.ibm.com>
Message-Id: <E558602B-48A1-4FB9-AB9D-0BC94DFCCC18@lodderstedt.net>
From: Torsten Lodderstedt <torsten@lodderstedt.net>
To: Mark Mcgloin <mark.mcgloin@ie.ibm.com>
In-Reply-To: <OFF96BDDB5.0F452F7D-ON802576EF.003FF4EA-802576EF.0040455E@ie.ibm.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: quoted-printable
X-Mailer: iPhone Mail (7E18)
Mime-Version: 1.0 (iPhone Mail 7E18)
Date: Tue, 23 Mar 2010 12:50:33 +0100
X-Df-Sender: 141509
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] First draft of OAuth 2.0
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Mar 2010 11:50:38 -0000

+1 for assertion support

what about enhancing the flow #2.4 to accept any kind of user  
credentials (username/password, SAML assertions, other authz servers  
tokens)

regards,
Torsten.

Am 23.03.2010 um 12:42 schrieb Mark Mcgloin <mark.mcgloin@ie.ibm.com>:

> +1 for assertion profile. Was there any reason why it was dropped?
>
> On 3/23/10, Chuck Mortimore wrote:
>> Just getting a chance to review this – I apologize for not getting 
>>  this
> before the meeting started.
>
>> We’d like to see some form of an Assertion Profile, similar to sec 
>> tion 5.2
> from draft-hardt-oauth-01.   We have strong customer use-cases for an
> assertion based flow, specifically SAML bearer tokens, and I >believe
> Microsoft may have already shipped a minor variation on this  
> ( wrap_SAML )
> in Azure.
>
>
> Mark McGloin
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

v2.23.0 | Report a Bug | By Email