Re: [OAUTH-WG] Transaction Authorization

Dick Hardt <dick.hardt@gmail.com> Sun, 21 July 2019 21:28 UTC

From: Dick Hardt <dick.hardt@gmail.com>
Date: Sun, 21 Jul 2019 14:27:46 -0700
Message-ID: <CAD9ie-uReSZ8Ds5O20ERHJ__+VrOKVPy3Simi+gKLvqzpC61gQ@mail.gmail.com>
To: Justin Richer <jricher@mit.edu>
Cc: oauth <oauth@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/iTCzrKKjfl_IKFGIwafOVXZzyEU>
Subject: Re: [OAUTH-WG] Transaction Authorization

Hey Justin

A few use cases that highlight how the world is different now than it was
when OAuth 2.0 was developed would help participants understand why changes
are needed, and also provide a reference for comparing and contrasting
different approaches.

One of my first comments is why the client is starting off making calls to
the AS. There are times when the AS is not known for a given resource. Why
not allow starting at the resource?


On Tue, Jul 9, 2019 at 12:48 PM Justin Richer <jricher@mit.edu> wrote:

> I have requested time to present Transactional Authorization (the XYZ
> project) at the Montreal meeting in a couple weeks. Ahead of that, I’ve
> uploaded a new version of the spec:
>
> https://tools.ietf.org/html/draft-richer-transactional-authz-02
>
> Additionally, I’ve updated the writeup and examples on https://oauth.xyz/
>
> I plan to be in Montreal for the whole week, and I’ve requested from the
> chairs that I present during the Tuesday session due to limited
> availability of some key WG members on Friday.
>
> — Justin