Re: [OAUTH-WG] Info on how to implement a server

Aaron Parecki <aaron@parecki.com> Sun, 18 August 2019 21:10 UTC

In-Reply-To: <40AA5F98-4EB1-4ECB-A9A6-AEB2E435F693@akamai.com>
From: Aaron Parecki <aaron@parecki.com>
Date: Sun, 18 Aug 2019 14:09:48 -0700
Message-ID: <CAGBSGjq7iLHk25DMkaFwSEdqYKrqxqetH9Ceqb0FS3gBwEF7Kw@mail.gmail.com>
To: "Salz, Rich" <rsalz@akamai.com>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/ghTv1_1t6d8JGv6Qsohc07CG-48>

Not to be pedantic, but adding OAuth support is a mechanism in support
of a goal. What's the end goal?

* Letting third party apps use the datatracker API?
* Letting people sign in to other apps with a datatracker account?

----
Aaron Parecki
aaronparecki.com


On Sun, Aug 18, 2019 at 2:05 PM Salz, Rich <rsalz@akamai.com> wrote:
>
> As I said at the start of the thread: I want to add OAUTH support to the datatracker.
>
> From: Dick Hardt <dick.hardt@gmail.com>
> Date: Sunday, August 18, 2019 at 4:47 PM
> To: Rich Salz <rsalz@akamai.com>
> Cc: Hans Zandbelt <hans.zandbelt@zmartzone.eu>, John Bradley <ve7jtb@ve7jtb.com>, "oauth@ietf.org" <oauth@ietf.org>
> Subject: Re: [OAUTH-WG] Info on how to implement a server
>
> What is the goal?
>
> On Sun, Aug 18, 2019 at 12:41 PM Salz, Rich <rsalz@akamai.com> wrote:
>
> Thanks for the links, folks.  I’m aware, and sorry for my sloppy terminology.
>
> Imagine a service where anyone with a valid identity is authorized. There are many of these on the net. Collapsing authentication to authorization (“everyone authenticated is authorized”) seems not unreasonable.
>
> But I don’t want to get distracted from my main goal.  Thanks.
>
> From: Hans Zandbelt <hans.zandbelt@zmartzone.eu>
> Date: Saturday, August 17, 2019 at 2:34 PM
> To: John Bradley <ve7jtb@ve7jtb.com>
> Cc: "oauth@ietf.org" <oauth@ietf.org>
> Subject: Re: [OAUTH-WG] Info on how to implement a server
>
> Indeed, OAuth != identity; see https://oauth.net/articles/authentication/
>
> Hans.
>
> On Sat, Aug 17, 2019 at 8:31 PM John Bradley <ve7jtb@ve7jtb.com> wrote:
>
> The OpenID Connect kind of OAuth server.
>
> OAuth on its own is not designed to be secure for identity federation.
>
> John B.
>
> On 8/17/2019 1:23 PM, Salz, Rich wrote:
>
> What’s the WG consensus (heh) on the best guide to adding OAUTH support to an existing server so that it can act as an identity provider?  Which version of OAuth is most widely deployed by relying parties these days?
>
> I want to add OAUTH support to the IETF datatracker.
>
> Thanks for any pointers.  Replies to me will be summarized for the list.
>
> /r$
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
> --
> hans.zandbelt@zmartzone.eu
> ZmartZone IAM - www.zmartzone.eu