Re: [OAUTH-WG] status of bearer token redelegation drafts

"Richer, Justin P." <jricher@mitre.org> Mon, 03 November 2014 22:00 UTC

From: "Richer, Justin P." <jricher@mitre.org>
To: "oauth@ietf.org WG" <oauth@ietf.org>
Date: Mon, 03 Nov 2014 21:59:59 +0000
Message-ID: <0FBFB9F2-508B-495B-9075-E664351C8D96@mitre.org>
References: <545760D7.3090900@surfnet.nl> <CAOyugYZnEz-uhA9M-1bx1m9cVf0UG8cH7aB+-skHiKmwh0Aikg@mail.gmail.com>
In-Reply-To: <CAOyugYZnEz-uhA9M-1bx1m9cVf0UG8cH7aB+-skHiKmwh0Aikg@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/ezAYeo3kSpHMy5O8fwi5f87A7dQ
Cc: Ajanta Adhikari <ajanta.adhikari@gmail.com>
Subject: Re: [OAUTH-WG] status of bearer token redelegation drafts

There's a new working group document where this component *could* be captured (and I would argue it should), and that's:

https://tools.ietf.org/wg/oauth/draft-ietf-oauth-token-exchange/

However, at the moment it's more concerned with the semantically-aware assertion swap instead of an opaque token swap. Personally, I think that the syntax should be general (like in my and in Phil's draft) to allow for any kind of input and output token, and if someone wants to standardize an assertion on top of that, they can. Hopefully we can get that clear in the WG as progress continues on this new document.

 -- Justin



On Nov 3, 2014, at 2:54 PM, Ajanta Adhikari <ajanta.adhikari@gmail.com> wrote:

Not sure if I can reply to the mailing list yet so responding directly.
-----------------------------------------------------------------------------------------

Bas,
We (Akamai) came up with a similar design before I read the draft from Justin and Phil. I talked to Justin at IIW about our design choice and he seems to think it's in the right direction.
There is a reference to it from our OAUTH scope design session at IIW http://iiw.idcommons.net/OAuth_2_Scope_Design_Discuss_iom

I would be happy to share additional details if you are interested. We do not publish our implementation to the public.

Thanks,
Ajanta


On Mon, Nov 3, 2014 at 3:02 AM, Bas Zoetekouw <bas.zoetekouw@surfnet.nl> wrote:
Hi All,

For a client of ours, I am looking into OAuth token redelegation from
one RS to another.  I've found two drafts that more or less describe the
scenario they want to implement:
https://tools.ietf.org/html/draft-richer-oauth-chain-00 and
http://tools.ietf.org/html/draft-hunt-oauth-chain-01
Could anyone comment on the status of those?
In particular I'd be interested in hearing whether anyone is using
either of those specs in practice, and whether there is any progress on
the drafts.

Best regards,
Bas Zoetekouw.
SURFnet.

--
Bas Zoetekouw
SURFnet Advanced Services
Tel: +31 30 2305362   Fax: +31 30 2305329
SURFnet -  POBox 19035 -  NL-3501 DA Utrecht - The Netherlands

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
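The exchange Bas asks about and the "opaque token swap" Justin contrasts with the assertion-oriented draft, worked through as an added example that is not code from any of the drafts, from Akamai, or from the thread's authors. RS1 has received a bearer token for a user and needs to call RS2 on that user's behalf, so it presents the token to the authorization server and asks for a new one scoped to RS2. The parameter names and error codes (grant_type, subject_token, subject_token_type, audience, issued_token_type, invalid_target, and the nested act claim) are those of RFC 8693, the published form of draft-ietf-oauth-token-exchange; the in-memory token store, the client registry (rs1, rs2, rs3 with fixed secrets) and the downscoping policy are assumptions made for this example. Only the opaque access-token case is implemented: the AS resolves the subject token from its own store and neither RS ever parses it, which is the general, format-agnostic shape Justin argues for. Accepting a JWT or SAML assertion as subject_token would differ only in that validation happens by verifying the assertion rather than by lookup.

```python
"""Token-exchange (redelegation) walk-through: RS1 swaps the opaque access
token it holds for one scoped to RS2.  Parameter names follow RFC 8693, the
published form of draft-ietf-oauth-token-exchange.  The token store, client
registry and policy below are assumptions constructed for this example."""
import secrets
import time
from urllib.parse import parse_qs, urlencode

GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange"
TT_ACCESS = "urn:ietf:params:oauth:token-type:access_token"

# Hypothetical authorization-server state (constructed for the example).
TOKENS = {}   # opaque token string -> claims the AS remembers about it
CLIENTS = {"rs1": "rs1-secret", "rs2": "rs2-secret", "rs3": "rs3-secret"}


def issue(sub, aud, scope, act=None, ttl=300):
    """Mint an opaque token: the AS keeps the claims, the string carries none."""
    tok = secrets.token_urlsafe(24)
    TOKENS[tok] = {"sub": sub, "aud": aud, "scope": scope,
                   "exp": time.time() + ttl, "act": act}
    return tok


def introspect(token):
    """What an RS learns by asking the AS about an opaque token (RFC 7662 style)."""
    c = TOKENS.get(token)
    if c is None or c["exp"] < time.time():
        return {"active": False}
    return {"active": True, **c}


def exchange_request(subject_token, audience, scope=None):
    """Form body an RS (acting as OAuth client) posts to the token endpoint."""
    p = {"grant_type": GRANT_TYPE, "subject_token": subject_token,
         "subject_token_type": TT_ACCESS, "audience": audience}
    if scope:
        p["scope"] = scope
    return urlencode(p)


def token_exchange(form, client_id, client_secret):
    """AS side: validate one token-exchange request and issue the new token."""
    if CLIENTS.get(client_id) != client_secret:
        return {"error": "invalid_client"}
    q = {k: v[0] for k, v in parse_qs(form).items()}
    if q.get("grant_type") != GRANT_TYPE:
        return {"error": "unsupported_grant_type"}
    if q.get("subject_token_type") != TT_ACCESS:
        return {"error": "invalid_request"}   # only opaque access tokens swapped here
    subj = introspect(q.get("subject_token", ""))
    if not subj["active"]:
        return {"error": "invalid_request"}
    # Only the RS the token was issued to may redelegate it (audience check).
    if subj["aud"] != client_id:
        return {"error": "invalid_request"}
    target = q.get("audience")
    if target not in CLIENTS:
        return {"error": "invalid_target"}
    # Never escalate: the new scope is the intersection with the subject token's.
    have = set(subj["scope"].split())
    want = set(q.get("scope", subj["scope"]).split())
    granted = " ".join(sorted(have & want))
    if not granted:
        return {"error": "invalid_scope"}
    # Nested "act" claim records the delegation chain for the downstream RS.
    act = {"sub": client_id, "act": subj["act"]} if subj["act"] else {"sub": client_id}
    new = issue(subj["sub"], target, granted, act=act)
    return {"access_token": new, "issued_token_type": TT_ACCESS,
            "token_type": "Bearer", "expires_in": 300, "scope": granted}


def demo():
    """User token for rs1 -> rs1 redelegates to rs2 -> rs2 introspects it."""
    user_tok = issue("alice", "rs1", "read write")
    resp = token_exchange(exchange_request(user_tok, "rs2", "read admin"),
                          "rs1", "rs1-secret")
    view = introspect(resp["access_token"])
    return resp, view


if __name__ == "__main__":
    r, v = demo()
    print(r["scope"], v["sub"], v["aud"], v["act"])
```

Three checks carry the security weight: the presenting client must be the audience of the subject token, so a token stolen from one RS cannot be laundered into a fresh one by a different RS; the requested scope is intersected with the original, never widened; and the act chain grows by one entry per hop, so the final RS can see every intermediary that acted for the user rather than a bare user identity.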