Re: [OAUTH-WG] Call for Adoption
William Denniss <wdenniss@google.com> Thu, 21 January 2016 06:37 UTC
Return-Path: <wdenniss@google.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 38A7F1A0083
for <oauth@ietfa.amsl.com>; Wed, 20 Jan 2016 22:37:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.379
X-Spam-Level:
X-Spam-Status: No, score=-1.379 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001,
RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id WuV--7zuw5Iq for <oauth@ietfa.amsl.com>;
Wed, 20 Jan 2016 22:37:35 -0800 (PST)
Received: from mail-ob0-x22c.google.com (mail-ob0-x22c.google.com
[IPv6:2607:f8b0:4003:c01::22c])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id EFB691A007E
for <oauth@ietf.org>; Wed, 20 Jan 2016 22:37:34 -0800 (PST)
Received: by mail-ob0-x22c.google.com with SMTP id is5so27469053obc.0
for <oauth@ietf.org>; Wed, 20 Jan 2016 22:37:34 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113;
h=mime-version:in-reply-to:references:from:date:message-id:subject:to
:cc:content-type;
bh=yAAYAlF+/qQKSw/cihC5EAXuAZXPAvia+s5ahG9I7S0=;
b=gYo7va3zmSpC/MhKWKeowdlfrAtMOCL8Cwwj7+btJZ/73reH3ycnX3JmtaOOb+iriZ
4KB/QvGPKElfCz53toX/WGsBJfdRh7+U8uVIwd09bh2mFqOf/IMofLN7FFApzvKhrhkb
uFnBLp+A0M8CTe4yiX8Vh/hfGoCMPGokHFZCq9lkrhcZe6medvxfX3XQfyrl/klvexqh
D26o5ZsO7n9iiXJtIC65mPvjgUPiO3wQJW5nzabjjakVssQXy51x/mi8tz6SgSZwccHd
z9icUrwB6DFrVFryDxTlmTi1rhVWwaTJ+4Upi/CK87gJvg3pbuG070h88lFWk/dBGnvX
fJXQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:in-reply-to:references:from:date
:message-id:subject:to:cc:content-type;
bh=yAAYAlF+/qQKSw/cihC5EAXuAZXPAvia+s5ahG9I7S0=;
b=RiZe3H4fl2IMznh7yK0zhkamb+m9ABrOWMKJkwbbO+7f6KD+LAqulzdScWUwXfaq0i
pWlQyMIVHi3XvJzF0eJ0131lx4iBfMDUVdFTOdeXcevoy7B4NS3zeJwABpr2MsHpJl0U
mzjQVtKvbmH4fFwt5QYQe9mWEUXAIBCWLKbkelA/DSaW1e48SKtVpKO87XH12hZym/06
9zc1HzXIDdL7seuohkTP5nXcCBdPukXgGIbgv7nBpEtQSGDnvyYRm+3G5gSuI/p8APFY
iaXZGiAfNzV2n5qghPn49r3Mih1BGJVGrjdgKERIEgZ0RSXKYBNqP8+2BEeKYLIPv5RS
r0Lg==
X-Gm-Message-State: ALoCoQnFXlXkedsFeUudpzuZOEHFY3hBcW7L/E3ECrXDDTrp+CFarYtGc881St+Ga3p4UTjPK0i6Qgf9M7YVfIN5kpFrjn18EJK4pRXXPBSsYxhVvK3RLtw=
X-Received: by 10.182.214.40 with SMTP id nx8mr32664488obc.20.1453358254257;
Wed, 20 Jan 2016 22:37:34 -0800 (PST)
MIME-Version: 1.0
Received: by 10.182.227.39 with HTTP; Wed, 20 Jan 2016 22:37:14 -0800 (PST)
In-Reply-To: <569F915D.8020806@mit.edu>
References: <569E2076.2090405@gmx.net>
<CABzCy2D8BvJkLCc543=pEdE4FZa+p1ekyuMs=TtVSnSCrTrviw@mail.gmail.com>
<CABzCy2D1gca2OR2qp_gakThjkoLGfaZAo=GE85Lz4+3TrPbFVQ@mail.gmail.com>
<569F915D.8020806@mit.edu>
From: William Denniss <wdenniss@google.com>
Date: Thu, 21 Jan 2016 14:37:14 +0800
Message-ID: <CAAP42hC+L-7irdR7Y2pfNWyhP6cWLn0wNyauA5TQb4jr=4UH4Q@mail.gmail.com>
To: Justin Richer <jricher@mit.edu>
Content-Type: multipart/alternative; boundary=e89a8ff1c01e7a40bc0529d25671
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/gJ_0cbTP0er0Ztcjas1Sy8gUHHg>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Call for Adoption
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>,
<mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>,
<mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jan 2016 06:37:37 -0000
+1 to adopt this, and I agree with Justin's comments. On Wed, Jan 20, 2016 at 9:53 PM, Justin Richer <jricher@mit.edu> wrote: > +1 > > Inline discovery and pre-configured discovery (ie, .well-known) should at > the very least be compatible and developed together. It's the > pre-configured discovery document that's at the root of the mix-up attack > in the first place. > > -- Justin > > > On 1/19/2016 10:30 PM, Nat Sakimura wrote: > > Just to give more context, at IETF 94, I have done a presentation on > discovery. > > According to the minutes, > > (f) Discovery (Nat) > > Nat explains his document as an example of the work that has to be done > in the area of discovery, which is a topic that has been identified > as necessary for interoperability since many years but so far there > was not time to work on it. Mike, John and Nat are working on a new > document that describes additional discovery-relevant components. > > Poll: 19 for / zero against / 4 persons need more information. > > The document discussed there was > https://tools.ietf.org/html/draft-sakimura-oauth-meta-05. This is a > simple (only 1-page!) but a very powerful document that nudges towards > HATEOAS which is at the core of RESTful-ness. It also mitigates the Mix-up > attack without introducing the concept of issuer which is not in RFC6749. > It is also good for selecting different endpoints depending on the user > authentication and authorization results and more privacy sensitive than > pre-announced Discovery document. It also allows you to find to which > protected resource endpoint you can use the access token against. > > In the last sentence of the minutes, it talks about "a new document that > describes additional discovery-relevant components". This is > https://tools.ietf.org/html/draft-jones-oauth-discovery-00. It went for > the call for adoption. However, it is only a half of the story. I believe > <https://tools.ietf.org/html/draft-sakimura-oauth-meta-05> > https://tools.ietf.org/html/draft-sakimura-oauth-meta-05 that was > discussed at IETF 94 and had support there should be adopted as well. > > Nat Sakimura > > > > > 2016年1月20日(水) 12:05 Nat Sakimura < <sakimura@gmail.com>sakimura@gmail.com > >: > >> Thanks Hannes. >> >> I did not find https://tools.ietf.org/html/draft-sakimura-oauth-meta-05, which >> was discussed in Yokohama, and was largely in agreement if my recollection >> is correct. Why is it not in the call for adoption? >> >> >> >> 2016年1月19日(火) 20:39 Hannes Tschofenig < <hannes.tschofenig@gmx.net> >> hannes.tschofenig@gmx.net>gt;: >> >>> Hi all, >>> >>> we have submitted our new charter to the IESG (see >>> http://www.ietf.org/mail-archive/web/oauth/current/msg15379.html) and >>> since some IESG members like to see an updated list of milestones as >>> well. For this reason, based on a suggestion from Barry, we are also >>> starting a call for adoption concurrently with the review of the charter >>> text by the IESG. >>> >>> We will post separate mails on the individual documents. Your feedback >>> is important! Please take the time to look at the documents and provide >>> your feedback. >>> >>> Ciao >>> Hannes & Derek >>> >>> _______________________________________________ >>> OAuth mailing list >>> OAuth@ietf.org >>> https://www.ietf.org/mailman/listinfo/oauth >>> >> > > _______________________________________________ > OAuth mailing listOAuth@ietf.orghttps://www.ietf.org/mailman/listinfo/oauth > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > >
- [OAUTH-WG] Call for Adoption Hannes Tschofenig
- Re: [OAUTH-WG] Call for Adoption Nat Sakimura
- Re: [OAUTH-WG] Call for Adoption Nat Sakimura
- Re: [OAUTH-WG] Call for Adoption Justin Richer
- Re: [OAUTH-WG] Call for Adoption William Denniss
- Re: [OAUTH-WG] Call for Adoption Mike Jones
- Re: [OAUTH-WG] Call for Adoption Nat Sakimura
- Re: [OAUTH-WG] Call for Adoption Mike Jones
- Re: [OAUTH-WG] Call for Adoption Justin Richer
- Re: [OAUTH-WG] Call for Adoption Nat Sakimura
- Re: [OAUTH-WG] Call for Adoption Mike Jones
- Re: [OAUTH-WG] Call for Adoption Nat Sakimura
- Re: [OAUTH-WG] Call for Adoption William Denniss
- Re: [OAUTH-WG] Call for Adoption Nat Sakimura
- Re: [OAUTH-WG] Call for Adoption Brian Campbell
- Re: [OAUTH-WG] Call for Adoption Mike Jones
- Re: [OAUTH-WG] Call for Adoption Nat Sakimura
- Re: [OAUTH-WG] Call for Adoption Brian Campbell
- Re: [OAUTH-WG] Call for Adoption George Fletcher
- Re: [OAUTH-WG] Call for Adoption Brian Campbell
- Re: [OAUTH-WG] Call for Adoption George Fletcher
- Re: [OAUTH-WG] Call for Adoption Brian Campbell
- Re: [OAUTH-WG] Call for Adoption Nat Sakimura
- Re: [OAUTH-WG] Call for Adoption Hans Zandbelt
- Re: [OAUTH-WG] Call for Adoption sakimura
- Re: [OAUTH-WG] Call for Adoption John Bradley
- Re: [OAUTH-WG] Call for Adoption George Fletcher
- Re: [OAUTH-WG] Call for Adoption Brian Campbell
- Re: [OAUTH-WG] Call for Adoption Antonio Sanso
- Re: [OAUTH-WG] Call for Adoption Nat Sakimura
- Re: [OAUTH-WG] Call for Adoption Justin Richer
- Re: [OAUTH-WG] Call for Adoption Nat Sakimura
- Re: [OAUTH-WG] Call for Adoption Justin Richer
- Re: [OAUTH-WG] Call for Adoption John Bradley
- Re: [OAUTH-WG] Call for Adoption Nat Sakimura