Re: [OAUTH-WG] First draft of OAuth 2.0
Torsten Lodderstedt <torsten@lodderstedt.net> Tue, 23 March 2010 11:50 UTC
Return-Path: <torsten@lodderstedt.net>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A9E243A67FD for <oauth@core3.amsl.com>; Tue, 23 Mar 2010 04:50:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.481
X-Spam-Level: *
X-Spam-Status: No, score=1.481 tagged_above=-999 required=5 tests=[BAYES_50=0.001, DNS_FROM_OPENWHOIS=1.13, HELO_EQ_DE=0.35]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rBihPiACt+KQ for <oauth@core3.amsl.com>; Tue, 23 Mar 2010 04:50:37 -0700 (PDT)
Received: from smtprelay02.ispgateway.de (smtprelay02.ispgateway.de [80.67.31.40]) by core3.amsl.com (Postfix) with ESMTP id B9D393A6781 for <oauth@ietf.org>; Tue, 23 Mar 2010 04:50:37 -0700 (PDT)
Received: from [80.187.98.16] (helo=[10.200.10.80]) by smtprelay02.ispgateway.de with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.68) (envelope-from <torsten@lodderstedt.net>) id 1Nu2dJ-0004Pm-CQ; Tue, 23 Mar 2010 12:50:53 +0100
References: <OFF96BDDB5.0F452F7D-ON802576EF.003FF4EA-802576EF.0040455E@ie.ibm.com>
Message-Id: <E558602B-48A1-4FB9-AB9D-0BC94DFCCC18@lodderstedt.net>
From: Torsten Lodderstedt <torsten@lodderstedt.net>
To: Mark Mcgloin <mark.mcgloin@ie.ibm.com>
In-Reply-To: <OFF96BDDB5.0F452F7D-ON802576EF.003FF4EA-802576EF.0040455E@ie.ibm.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: quoted-printable
X-Mailer: iPhone Mail (7E18)
Mime-Version: 1.0 (iPhone Mail 7E18)
Date: Tue, 23 Mar 2010 12:50:33 +0100
X-Df-Sender: 141509
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] First draft of OAuth 2.0
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Mar 2010 11:50:38 -0000
+1 for assertion support what about enhancing the flow #2.4 to accept any kind of user credentials (username/password, SAML assertions, other authz servers tokens) regards, Torsten. Am 23.03.2010 um 12:42 schrieb Mark Mcgloin <mark.mcgloin@ie.ibm.com>: > +1 for assertion profile. Was there any reason why it was dropped? > > On 3/23/10, Chuck Mortimore wrote: >> Just getting a chance to review this – I apologize for not getting >> this > before the meeting started. > >> We’d like to see some form of an Assertion Profile, similar to sec >> tion 5.2 > from draft-hardt-oauth-01. We have strong customer use-cases for an > assertion based flow, specifically SAML bearer tokens, and I >believe > Microsoft may have already shipped a minor variation on this > ( wrap_SAML ) > in Azure. > > > Mark McGloin > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
- Re: [OAUTH-WG] OAuth 2.0: client_secret, state Richard Barnes
- Re: [OAUTH-WG] First draft of OAuth 2.0 Chuck Mortimore
- [OAUTH-WG] First draft of OAuth 2.0 David Recordon
- Re: [OAUTH-WG] First draft of OAuth 2.0 Eve Maler
- Re: [OAUTH-WG] First draft of OAuth 2.0 John Panzer
- Re: [OAUTH-WG] First draft of OAuth 2.0 David Recordon
- Re: [OAUTH-WG] First draft of OAuth 2.0 David Recordon
- Re: [OAUTH-WG] First draft of OAuth 2.0 Eve Maler
- Re: [OAUTH-WG] First draft of OAuth 2.0 Eve Maler
- Re: [OAUTH-WG] First draft of OAuth 2.0 David Recordon
- [OAUTH-WG] OAuth 2.0: client_secret, state Manger, James H
- Re: [OAUTH-WG] First draft of OAuth 2.0 Manger, James H
- Re: [OAUTH-WG] OAuth 2.0: client_secret, state Luke Shepard
- Re: [OAUTH-WG] OAuth 2.0: client_secret, state David Recordon
- Re: [OAUTH-WG] OAuth 2.0: client_secret, state Manger, James H
- Re: [OAUTH-WG] OAuth 2.0: client_secret, state Allen Tom
- Re: [OAUTH-WG] OAuth 2.0: client_secret, state David Recordon
- Re: [OAUTH-WG] OAuth 2.0: client_secret, state Richard Barnes
- Re: [OAUTH-WG] First draft of OAuth 2.0 Chuck Mortimore
- Re: [OAUTH-WG] First draft of OAuth 2.0 Mark Mcgloin
- Re: [OAUTH-WG] First draft of OAuth 2.0 Torsten Lodderstedt
- Re: [OAUTH-WG] First draft of OAuth 2.0 John Panzer
- Re: [OAUTH-WG] First draft of OAuth 2.0 David Recordon
- Re: [OAUTH-WG] First draft of OAuth 2.0 David Recordon
- Re: [OAUTH-WG] First draft of OAuth 2.0 David Recordon
- Re: [OAUTH-WG] First draft of OAuth 2.0 Torsten Lodderstedt
- Re: [OAUTH-WG] First draft of OAuth 2.0 Paul Madsen
- Re: [OAUTH-WG] First draft of OAuth 2.0 Torsten Lodderstedt
- Re: [OAUTH-WG] OAuth 2.0: client_secret, state Allen Tom
- Re: [OAUTH-WG] First draft of OAuth 2.0 Dick Hardt
- Re: [OAUTH-WG] First draft of OAuth 2.0 David Recordon
- Re: [OAUTH-WG] First draft of OAuth 2.0 Chuck Mortimore
- Re: [OAUTH-WG] First draft of OAuth 2.0 David Recordon
- Re: [OAUTH-WG] First draft of OAuth 2.0 David Recordon
- Re: [OAUTH-WG] First draft of OAuth 2.0 Brian Eaton
- Re: [OAUTH-WG] First draft of OAuth 2.0 David Recordon
- Re: [OAUTH-WG] First draft of OAuth 2.0 David Recordon
- Re: [OAUTH-WG] First draft of OAuth 2.0 Dick Hardt
- Re: [OAUTH-WG] First draft of OAuth 2.0 Dick Hardt
- Re: [OAUTH-WG] First draft of OAuth 2.0 Dick Hardt
- Re: [OAUTH-WG] First draft of OAuth 2.0 Anthony Nadalin
- Re: [OAUTH-WG] First draft of OAuth 2.0 Dick Hardt
- Re: [OAUTH-WG] First draft of OAuth 2.0 Dick Hardt
- Re: [OAUTH-WG] First draft of OAuth 2.0 Torsten Lodderstedt
- Re: [OAUTH-WG] First draft of OAuth 2.0 Chuck Mortimore
- Re: [OAUTH-WG] First draft of OAuth 2.0 Anthony Nadalin
- Re: [OAUTH-WG] First draft of OAuth 2.0 Hans Granqvist
- Re: [OAUTH-WG] First draft of OAuth 2.0 Eve Maler
- Re: [OAUTH-WG] First draft of OAuth 2.0 Eve Maler
- Re: [OAUTH-WG] OAuth 2.0: client_secret, state Marius Scurtescu