Return-Path: X-Original-To: oauth@ietfa.amsl.com Delivered-To: oauth@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 376A71A8A70 for ; Wed, 18 Feb 2015 08:46:29 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.578 X-Spam-Level: X-Spam-Status: No, score=-3.578 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X-ODYwQ2lkGL for ; Wed, 18 Feb 2015 08:46:24 -0800 (PST) Received: from na3sys009aog116.obsmtp.com (na3sys009aog116.obsmtp.com [74.125.149.240]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 11C571A8A71 for ; Wed, 18 Feb 2015 08:46:24 -0800 (PST) Received: from mail-ig0-f180.google.com ([209.85.213.180]) (using TLSv1) by na3sys009aob116.postini.com ([74.125.148.12]) with SMTP ID DSNKVOTB356EwnT4KW+jAyZUHLF4NWPdSlwr@postini.com; Wed, 18 Feb 2015 08:46:24 PST Received: by mail-ig0-f180.google.com with SMTP id b16so3076005igk.1 for ; Wed, 18 Feb 2015 08:46:23 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=OWNEcSZGLyJ6LiRflqhkgXERcthGah/Wg5+AgjDvsuA=; b=DNVj3isEnj2mAantowoaWAGyeR5PQg+1LPajWNXENHs82cYCwID5ALQSQ1VLyxk+iF cegk5TZBEon3t6xuabIP/VFGOpVDQU46BEnITnCbGpKpOs4Ixv9ZKadI2p5sB7AdCDfB RMfegvxVMyUxtRwnfEpX9+KYY7hGrvCu07LaA+Cwt0kdumIA/g7PLEPffWiBnhG5mNSW 5fGwul5RMtdcJ9szC2pTYO9vudS95ZPx6GQvtSqDqRbNZuCcTg+MuS80iLGUee0YCR8F gX1Mmcu6Yuj1BWxovhf8XwsrrFm6Vyc8WFBO0/duDwPXU9EeICdc/K9cg+Xb7S0gaFMJ dvOA== X-Received: by 10.50.32.33 with SMTP id f1mr1336707igi.9.1424277983454; Wed, 18 Feb 2015 08:46:23 -0800 (PST) X-Gm-Message-State: ALoCoQlUvhsE6APX/yF1gMQU2ejYxs3w0yr+9VZJ8AuUmAmjQcE7Gol8s3fb62/bdLihlD2tBtHmRAOgnM6YzVuGXNshAjegUWMO0ahBs7H0fMCoHfqvU6gtZRyBgFkjLij4v1N8bxU6 X-Received: by 10.50.32.33 with SMTP id f1mr1336684igi.9.1424277983301; Wed, 18 Feb 2015 08:46:23 -0800 (PST) MIME-Version: 1.0 Received: by 10.64.107.105 with HTTP; Wed, 18 Feb 2015 08:45:53 -0800 (PST) In-Reply-To: <54E4B0AD.10801@gmx.net> References: <54C7BBA4.4030702@gmx.net> <2E3D2EE7-8F5F-452D-880A-D62A513AC853@lodderstedt.net> <54E370F9.8060209@gmx.net> <17faabb6e724fb54f3cb8060a3d9cb08@lodderstedt.net> <54E4B0AD.10801@gmx.net> From: Brian Campbell Date: Wed, 18 Feb 2015 09:45:53 -0700 Message-ID: To: Hannes Tschofenig Content-Type: multipart/alternative; boundary=047d7b10ce3d41b9cb050f5f8f20 Archived-At: Cc: oauth , "naa@google.com >> Naveen Agarwal" Subject: Re: [OAUTH-WG] Shepherd Writeup for draft-ietf-oauth-spop-06.txt X-BeenThere: oauth@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: OAUTH WG List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Feb 2015 16:46:29 -0000 --047d7b10ce3d41b9cb050f5f8f20 Content-Type: text/plain; charset=UTF-8 There's a bit of MTI talk tucked into https://tools.ietf.org/html/draft-ietf-oauth-spop-10#section-4.4.1 that perhaps needs to be expanded and/or placed somewhere else. On Wed, Feb 18, 2015 at 8:33 AM, Hannes Tschofenig < hannes.tschofenig@gmx.net> wrote: > Thanks for the info, Torsten. > > Your feedback raises an interesting question, namely what functionality > the parties have to implement to claim conformance to the specification. > > Quickly scanning through the specification didn't tell me whether it is > OK to just implement the plain mode or whether both modes are > mandatory-to-implement. We have to say something about this. > > Ciao > Hannes > > > On 02/18/2015 02:16 PM, torsten@lodderstedt.net wrote: > > Hi Hannes, > > > > our implementation supports the "plain" mode only. We just verified > > compliance of our implementation with the current spec. As the only > > deviation, we do not enforce the minimum length of 43 characters of the > > code verifier. > > > > kind regards, > > Torsten. > > > > Am 17.02.2015 17:48, schrieb Hannes Tschofenig: > >> Hi Torsten, > >> > >> does this mean that your implementation is not compliant with the > >> current version anymore or that you haven't had time to verify whether > >> there are differences to the earlier version? > >> > >> Ciao > >> Hannes > >> > >> > >> On 01/31/2015 05:34 PM, Torsten Lodderstedt wrote: > >>> Deutsche Telekom also implemented an early version of the draft last > >>> year. > >>> > >>> > >>> > >>> Am 30.01.2015 um 18:50 schrieb Brian Campbell > >>> >: > >>> > >>>> > >>>> On Tue, Jan 27, 2015 at 9:24 AM, Hannes Tschofenig > >>>> > wrote: > >>>> > >>>> > >>>> 1) What implementations of the spec are you aware of? > >>>> > >>>> > >>>> We have an AS side implementation of an earlier draft that was > >>>> released in June of last year: > >>>> > http://documentation.pingidentity.com/pages/viewpage.action?pageId=26706844 > >>>> > >>>> _______________________________________________ > >>>> OAuth mailing list > >>>> OAuth@ietf.org > >>>> https://www.ietf.org/mailman/listinfo/oauth > > --047d7b10ce3d41b9cb050f5f8f20 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
There's a bit of MTI talk tucked into https://tool= s.ietf.org/html/draft-ietf-oauth-spop-10#section-4.4.1 that perhaps nee= ds to be expanded and/or placed somewhere else.

On Wed, Feb 18, 2015 at 8:33 AM, Hannes = Tschofenig <hannes.tschofenig@gmx.net> wrote:
Thanks for the info, Torsten= .

Your feedback raises an interesting question, namely what functionality
the parties have to implement to claim conformance to the specification.
Quickly scanning through the specification didn't tell me whether it is=
OK to just implement the plain mode or whether both modes are
mandatory-to-implement. We have to say something about this.

Ciao
Hannes


On 02/18/2015 02:16 PM, torsten@= lodderstedt.net wrote:
> Hi Hannes,
>
> our implementation supports the "plain" mode only. We just v= erified
> compliance of our implementation with the current spec. As the only > deviation, we do not enforce the minimum length of 43 characters of th= e
> code verifier.
>
> kind regards,
> Torsten.
>
> Am 17.02.2015 17:48, schrieb Hannes Tschofenig:
>> Hi Torsten,
>>
>> does this mean that your implementation is not compliant with the<= br> >> current version anymore or that you haven't had time to verify= whether
>> there are differences to the earlier version?
>>
>> Ciao
>> Hannes
>>
>>
>> On 01/31/2015 05:34 PM, Torsten Lodderstedt wrote:
>>> Deutsche Telekom also implemented an early version of the draf= t last
>>> year.
>>>
>>>
>>>
>>> Am 30.01.2015 um 18:50 schrieb Brian Campbell
>>> <bcampbell@pi= ngidentity.com <mailto:bcampbell@pingidentity.com>>:
>>>
>>>>
>>>> On Tue, Jan 27, 2015 at 9:24 AM, Hannes Tschofenig
>>>> <hannes.ts= chofenig@gmx.net <mailto:hannes.tschofenig@gmx.net>> wrote:
>>>>
>>>>
>>>>=C2=A0 =C2=A0 =C2=A01) What implementations of the spec are= you aware of?
>>>>
>>>>
>>>> We have an AS side implementation of an earlier draft that= was
>>>> released in June of last year:
>>>> http://documentation.ping= identity.com/pages/viewpage.action?pageId=3D26706844
>>>>
>>>> _______________________________________________
>>>> OAuth mailing list
>>>> OAuth@ietf.org <m= ailto:OAuth@ietf.org>
>>>> https://www.ietf.org/mailman/listinfo/oauth


--047d7b10ce3d41b9cb050f5f8f20--