[OAUTH-WG] Re: [mailmaint] Standardized OAuth 2.0 Scopes for Mail, Calendar, and Contact Access

Clinton Bunch <cdbunch@emeraldgroupware.org> Sun, 20 July 2025 17:48 UTC

To: calsify@ietf.org, mailmaint@ietf.org, jmap@ietf.org, oauth@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/dyTuyhGa3jWeYkkYhDTvkOuz0hw>

In passing, but a quick look this morning seemed to indicate that my 
draft was exactly what it didn't specify.

On 7/20/2025 09:27, Kenneth Murchison wrote:
> Hi Clinton,
>
> I haven't had a chance to read your draft yet, but are you familiar with
> https://datatracker.ietf.org/doc/draft-ietf-mailmaint-oauth-public/
>
>
> On 7/20/25 12:27 AM, Clinton Bunch wrote:
>> I submitted 
>> https://datatracker.ietf.org/doc/draft-bunch-groupware-scopes/
>>
>> This is a proposal of standard OAUTH2 scopes to support the loosely 
>> coupled world of mail, calendaring, and contacts servers and clients.
>>
>> The current state is that every Authorization Server defines their 
>> own scopes for these groupware services, leading client developers to 
>> hard code these scopes, which, in practicality, limits them to 
>> supporting OAUTH2 authentication for only a dozen or so providers big 
>> enough to strong-arm them into it.
>>
>> This is the remaining barrier to widespread deployment of OAUTH2
>> authentication for groupware services.  The other half of the 
>> problem, Client Registration, is solved by RFC 7591, OAuth 2.0 
>> Dynamic Client Registration Protocol.
>>
>> With these two pieces in place, Authorization Servers and clients can 
>> begin to implement this advanced authorization process.
>>