[OAUTH-WG] OAuth & Authentication: What can go wrong?
Hannes Tschofenig <hannes.tschofenig@gmx.net> Thu, 11 September 2014 22:30 UTC
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 20E761A015F for <oauth@ietfa.amsl.com>; Thu, 11 Sep 2014 15:30:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.552
X-Spam-Level:
X-Spam-Status: No, score=-3.552 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-1.652, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bYtib3J_rn8l for <oauth@ietfa.amsl.com>; Thu, 11 Sep 2014 15:30:33 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2AB851A00C3 for <oauth@ietf.org>; Thu, 11 Sep 2014 15:30:33 -0700 (PDT)
Received: from [192.168.10.163] ([167.220.25.81]) by mail.gmx.com (mrgmx101) with ESMTPSA (Nemesis) id 0Lbi2Z-1YCEt52e4Z-00lGb2; Fri, 12 Sep 2014 00:30:29 +0200
Message-ID: <54122280.1030609@gmx.net>
Date: Fri, 12 Sep 2014 00:30:24 +0200
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: "oauth@ietf.org" <oauth@ietf.org>
OpenPGP: id=4D776BC9
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="3A4AwKTPLOphfB6jnlM7ieKusaB9CBsr2"
X-Provags-ID: V03:K0:tKQ0qwmVeLLJIaV90yGay5bKurgSf69U9eV3KRGBunDEgiUxwH4 uoFUIKqLouhb8o0abXIo2/oxj3yKut/I+79/quxsUjYacm9J1RYyg7UR7QLfcD8o/1OCv+T dHbY53BdGVYiV+DVuoPj8UuUR5FYinnHDEY0oPB6un4ZS0c726mmgk4LffTWOgpq2lEYgG+ 52MnNwUdIjOKnDieWR2pA==
X-UI-Out-Filterresults: notjunk:1;
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/fVhzT8VBwYq-CQkcGhUmEdetA9o
Cc: Derek Atkins <derek@ihtfp.com>
Subject: [OAUTH-WG] OAuth & Authentication: What can go wrong?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Sep 2014 22:30:35 -0000
Hi all, at the last IETF meeting Mike gave a presentation about the draft-hunt-oauth-v2-user-a4c and the conclusion following the discussion was to discuss the problems that happen when OAuth gets used for authentication. The goal of this effort is to document the problems in an informational document. Conference calls could start in about 2 weeks and we would like to know who would be interested to participate in such a discussion. Please drop us a private mail so that we can find suitable dates/times. Ciao Hannes & Derek
- [OAUTH-WG] OAuth & Authentication: What can go wr… Hannes Tschofenig
- Re: [OAUTH-WG] OAuth & Authentication: What can g… Anthony Nadalin
- Re: [OAUTH-WG] OAuth & Authentication: What can g… Nat Sakimura
- Re: [OAUTH-WG] OAuth & Authentication: What can g… Phil Hunt
- Re: [OAUTH-WG] OAuth & Authentication: What can g… John Bradley
- Re: [OAUTH-WG] OAuth & Authentication: What can g… Gil Kirkpatrick
- Re: [OAUTH-WG] OAuth & Authentication: What can g… Antonio Sanso
- Re: [OAUTH-WG] OAuth & Authentication: What can g… Tirumaleswar Reddy (tireddy)
- Re: [OAUTH-WG] OAuth & Authentication: What can g… Torsten Lodderstedt