Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-http-mac-01.txt
Eran Hammer <eran@hueniverse.com> Wed, 08 February 2012 18:00 UTC
Return-Path: <eran@hueniverse.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1B5521F85B9 for <oauth@ietfa.amsl.com>; Wed, 8 Feb 2012 10:00:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.498
X-Spam-Level:
X-Spam-Status: No, score=-2.498 tagged_above=-999 required=5 tests=[AWL=0.101, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YDx2XuIyAwMK for <oauth@ietfa.amsl.com>; Wed, 8 Feb 2012 10:00:39 -0800 (PST)
Received: from p3plex1out02.prod.phx3.secureserver.net (p3plex1out02.prod.phx3.secureserver.net [72.167.180.18]) by ietfa.amsl.com (Postfix) with SMTP id 6D4F221F859E for <oauth@ietf.org>; Wed, 8 Feb 2012 10:00:39 -0800 (PST)
Received: (qmail 24432 invoked from network); 8 Feb 2012 17:55:09 -0000
Received: from unknown (HELO smtp.ex1.secureserver.net) (72.167.180.20) by p3plex1out02.prod.phx3.secureserver.net with SMTP; 8 Feb 2012 17:55:09 -0000
Received: from P3PW5EX1MB01.EX1.SECURESERVER.NET ([10.6.135.20]) by P3PW5EX1HT002.EX1.SECURESERVER.NET ([72.167.180.20]) with mapi; Wed, 8 Feb 2012 10:54:55 -0700
From: Eran Hammer <eran@hueniverse.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Date: Wed, 08 Feb 2012 10:54:40 -0700
Thread-Topic: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-http-mac-01.txt
Thread-Index: Aczmin72I/oJpkoTSO+o8M4FxeCnXQAAACOQ
Message-ID: <90C41DD21FB7C64BB94121FBBC2E723453AADDD3F6@P3PW5EX1MB01.EX1.SECURESERVER.NET>
References: <20120208175209.30915.17732.idtracker@ietfa.amsl.com>
In-Reply-To: <20120208175209.30915.17732.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-http-mac-01.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Feb 2012 18:00:40 -0000
Main changes: Removed cookies support Removed body hash Clarified timestamp verification I still have more comments to process but wanted to get a new draft out first as the current one expired. Please review the new timestamp prose and let me know what you think. I'm trying to allow the client to use any timestamp it can easily produce, and move the verification logic to the server as much as possible. EH > -----Original Message----- > From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf > Of internet-drafts@ietf.org > Sent: Wednesday, February 08, 2012 9:52 AM > To: i-d-announce@ietf.org > Cc: oauth@ietf.org > Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-http-mac-01.txt > > > A New Internet-Draft is available from the on-line Internet-Drafts directories. > This draft is a work item of the Web Authorization Protocol Working Group of > the IETF. > > Title : HTTP Authentication: MAC Access Authentication > Author(s) : Eran Hammer-Lahav > Filename : draft-ietf-oauth-v2-http-mac-01.txt > Pages : 20 > Date : 2012-02-08 > > This document specifies the HTTP MAC access authentication scheme, an > HTTP authentication method using a message authentication code (MAC) > algorithm to provide cryptographic verification of portions of HTTP > requests. The document also defines an OAuth 2.0 binding for use as > an access-token type. > > > A URL for this Internet-Draft is: > http://www.ietf.org/internet-drafts/draft-ietf-oauth-v2-http-mac-01.txt > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > This Internet-Draft can be retrieved at: > ftp://ftp.ietf.org/internet-drafts/draft-ietf-oauth-v2-http-mac-01.txt > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-http-m… internet-drafts
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-ht… Eran Hammer
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-ht… William Mills
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-ht… Manger, James H
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-ht… Erlend Hamnaberg
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-ht… Eran Hammer
- Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-ht… Julian Reschke