Re: [OAUTH-WG] OAuth 1.0a

William Mills <wmills_92105@yahoo.com> Wed, 15 August 2012 06:10 UTC

Date: Tue, 14 Aug 2012 23:10:50 -0700
From: William Mills <wmills_92105@yahoo.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Cc: O Auth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth 1.0a

You are mistaken, I cite MAC directly right now, but now that it is up in the air I would much rather rely on 3 specs (OAuth 2 core, Bearer, and 1.0a) than refer to MAC when I think I can do without MAC and use 1.0a instead. MAC is now in flux again, the other 3 are stable or already standards.

I think you are also mistaken that we can't support 1.0a and OAuth 2 tokens in the same SASL mechanism. Why do you think this is true?


________________________________
 From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
To: William Mills <wmills_92105@yahoo.com> 
Cc: Hannes Tschofenig <hannes.tschofenig@gmx.net>; Mike Jones <Michael.Jones@microsoft.com>; O Auth WG <oauth@ietf.org> 
Sent: Tuesday, August 14, 2012 10:48 PM
Subject: Re: [OAUTH-WG] OAuth 1.0a
 
FYI: just to repeat my note here as well that I sent to Bill on the KITTEN list:

I see three possible ways forward for the OAuth SASL work, namely:

>     • Focus on OAuth 1.0 only (since it has a MAC specification in there). Then, you ignore all the OAuth 2.0 deployment that is out there, of which there is a lot. That would be pretty bad IMHO.
>     • Copy relevant parts from http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01 (of which there is almost no deployment).
>     • Wait for the OAuth group to settle on a mechanism. May take time.


I doubt that the question about the views of the WG about OAuth 1.0a can answer any of the above questions. 

Bill does not want to wait. He also does not want to copy parts from draft-ietf-oauth-v2-http-mac-01 into the SASL OAuth spec. Focusing on OAuth 1.0 for now would require the specification to be extended later on to fit to OAuth 2.0 deployments (and whatever new security mechanism we will come up with). As a consequence, the specification will then suffer from additional complexity. 

Ciao
Hannes

On Aug 14, 2012, at 10:37 PM, William Mills wrote:

> It's for the OAUTH SASL spec. I've been writing it with the idea that OAuth 1.0a would work (since I think we'll have extant 1.0a type tokens we want to allow for IMAP), but several folks were saying when this all started that 1.0a was dead and I should not refer to it.
> 
> I want to make sure the SASL mechanism is built to properly handle signed auth schemes and not just bearer (cookie) type.
> 
> -bill
> 
> From: Mike Jones <Michael.Jones@microsoft.com>
> To: William Mills <wmills_92105@yahoo.com>; O Auth WG <oauth@ietf.org> 
> Sent: Tuesday, August 14, 2012 12:28 PM
> Subject: RE: [OAUTH-WG] OAuth 1.0a
> 
> What problem are you trying to solve?
>  
> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of William Mills
> Sent: Tuesday, August 14, 2012 12:22 PM
> To: O Auth WG
> Subject: [OAUTH-WG] OAuth 1.0a
>  
> What's the general opinion on 1.0a?  Am I stepping in something if I refer to it in another draft?  I want to reference an auth scheme that uses signing and now MAC is apparently going back to the drawing board, so I'm thinking about using 1.0a.
>  
> Thanks,
>  
> -bill