Re: [OAUTH-WG] Basic signature support in the core specification
Mark Mcgloin <mark.mcgloin@ie.ibm.com> Sat, 25 September 2010 08:57 UTC
Return-Path: <mark.mcgloin@ie.ibm.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B040D3A6A49; Sat, 25 Sep 2010 01:57:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kBDgljVEhexf; Sat, 25 Sep 2010 01:57:18 -0700 (PDT)
Received: from mtagate2.uk.ibm.com (mtagate2.uk.ibm.com [194.196.100.162]) by core3.amsl.com (Postfix) with ESMTP id 4E5D73A68CD; Sat, 25 Sep 2010 01:57:17 -0700 (PDT)
Received: from d06nrmr1707.portsmouth.uk.ibm.com (d06nrmr1707.portsmouth.uk.ibm.com [9.149.39.225]) by mtagate2.uk.ibm.com (8.13.1/8.13.1) with ESMTP id o8P8vmxH030087; Sat, 25 Sep 2010 08:57:48 GMT
Received: from d06av05.portsmouth.uk.ibm.com (d06av05.portsmouth.uk.ibm.com [9.149.37.229]) by d06nrmr1707.portsmouth.uk.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id o8P8vgIc3498236; Sat, 25 Sep 2010 09:57:48 +0100
Received: from d06av05.portsmouth.uk.ibm.com (loopback [127.0.0.1]) by d06av05.portsmouth.uk.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP id o8P8vfY4007588; Sat, 25 Sep 2010 02:57:42 -0600
Received: from d06ml093.portsmouth.uk.ibm.com (d06ml093.portsmouth.uk.ibm.com [9.149.104.171]) by d06av05.portsmouth.uk.ibm.com (8.14.4/8.13.1/NCO v10.0 AVin) with ESMTP id o8P8vfBC007585; Sat, 25 Sep 2010 02:57:41 -0600
In-Reply-To: <AANLkTinbdA_SGt_h2J3H25A2unCPe7+1=uxgkaNXrMq8@mail.gmail.com>
References: <C8C15057.3AC64%eran@hueniverse.com> <AANLkTinbdA_SGt_h2J3H25A2unCPe7+1=uxgkaNXrMq8@mail.gmail.com>
X-KeepSent: F61F4B32:78CFFC4B-802577A9:0030F2E4; type=4; name=$KeepSent
To: John Panzer <jpanzer@google.com>
X-Mailer: Lotus Notes Release 8.5.1 September 28, 2009
Message-ID: <OFF61F4B32.78CFFC4B-ON802577A9.0030F2E4-802577A9.003139D2@ie.ibm.com>
From: Mark Mcgloin <mark.mcgloin@ie.ibm.com>
Date: Sat, 25 Sep 2010 09:57:07 +0100
X-MIMETrack: Serialize by Router on D06ML093/06/M/IBM(Release 8.0.2FP6|July 15, 2010) at 25/09/2010 09:57:07
MIME-Version: 1.0
Content-type: text/plain; charset="ISO-8859-1"
Content-transfer-encoding: quoted-printable
Cc: OAuth WG <oauth@ietf.org>, oauth-bounces@ietf.org
Subject: Re: [OAUTH-WG] Basic signature support in the core specification
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 25 Sep 2010 08:57:19 -0000
+1 to having it in the core spec. I don't see how an optional section in the spec will cause any confusion +1 to John's suggestion below of starting with the OAuth 1.0a signature mechanism. Why not put it in the spec and see what breaks or no longer holds true Mark McGloin John Panzer wrote on 25/09/2010 00:26 -1 on requiring it to be part of core OAuth2. Reasoning: It won't be a MUST or even SHOULD requirement for either client or server, so adding it later does not affect interop. The actual schedule to finalize the signature mechanism should not be affected either way -- it's fine for a WG to produce 2 or more RFCs if that's the right thing to do. (If there were consensus today on what exactly the signing mechanism should be I'd think differently, but I don't believe there is.) Caveat: If there were consensus that OAuth 2 should simply adopt the OAuth 1.0a signature mechanism today, I'd be okay with that, just because there is some proven code out there. This is of course a trade-off. My bias: I really want us to stabilize what has been spec'd so far and move forward with that while additional work happens. There are already multiple mutually implementations of "OAuth2" floating around and I'd rather resolve that quickly. -- John Panzer / Google jpanzer@google.com / abstractioneer.org / @jpanzer On Thu, Sep 23, 2010 at 6:43 PM, Eran Hammer-Lahav <eran@hueniverse.com> wrote: Since much of this recent debate was done off list, I'd like to ask people to simply express their support or objection to including a basic signature feature in the core spec, in line with the 1.0a signature approach. This is not a vote, just taking the temperature of the group. EHL _______________________________________________ OAuth mailing list OAuth@ietf.org
- [OAUTH-WG] Basic signature support in the core sp… Eran Hammer-Lahav
- Re: [OAUTH-WG] Basic signature support in the cor… William Mills
- Re: [OAUTH-WG] Basic signature support in the cor… Torsten Lodderstedt
- Re: [OAUTH-WG] Basic signature support in the cor… Bastian Hofmann
- Re: [OAUTH-WG] Basic signature support in the cor… George Fletcher
- Re: [OAUTH-WG] Basic signature support in the cor… Justin Richer
- Re: [OAUTH-WG] Basic signature support in the cor… Igor Faynberg
- Re: [OAUTH-WG] Basic signature support in the cor… Eve Maler
- Re: [OAUTH-WG] Basic signature support in the cor… Justin Richer
- Re: [OAUTH-WG] Basic signature support in the cor… Doreswamy, Rangan
- Re: [OAUTH-WG] Basic signature support in the cor… John Panzer
- Re: [OAUTH-WG] Basic signature support in the cor… David Recordon
- Re: [OAUTH-WG] Basic signature support in the cor… Dick Hardt
- Re: [OAUTH-WG] Basic signature support in the cor… Dick Hardt
- Re: [OAUTH-WG] Basic signature support in the cor… Nat
- Re: [OAUTH-WG] Basic signature support in the cor… Eran Hammer-Lahav
- Re: [OAUTH-WG] Basic signature support in the cor… Eran Hammer-Lahav
- Re: [OAUTH-WG] Basic signature support in the cor… Eran Hammer-Lahav
- Re: [OAUTH-WG] Basic signature support in the cor… Dick Hardt
- Re: [OAUTH-WG] Basic signature support in the cor… Dick Hardt
- Re: [OAUTH-WG] Basic signature support in the cor… Mark Mcgloin
- Re: [OAUTH-WG] Basic signature support in the cor… Torsten Lodderstedt
- Re: [OAUTH-WG] Basic signature support in the cor… Eran Hammer-Lahav
- Re: [OAUTH-WG] Basic signature support in the cor… Eran Hammer-Lahav
- Re: [OAUTH-WG] Basic signature support in the cor… Dick Hardt
- Re: [OAUTH-WG] Basic signature support in the cor… Eve Maler
- Re: [OAUTH-WG] Basic signature support in the cor… Dick Hardt
- Re: [OAUTH-WG] Basic signature support in the cor… Manger, James H
- Re: [OAUTH-WG] Basic signature support in the cor… Eran Hammer-Lahav
- Re: [OAUTH-WG] Basic signature support in the cor… Dick Hardt
- Re: [OAUTH-WG] Basic signature support in the cor… Eran Hammer-Lahav
- Re: [OAUTH-WG] Basic signature support in the cor… John Panzer
- Re: [OAUTH-WG] Basic signature support in the cor… Dick Hardt
- Re: [OAUTH-WG] Basic signature support in the cor… Mark Mcgloin
- Re: [OAUTH-WG] Basic signature support in the cor… Eran Hammer-Lahav
- Re: [OAUTH-WG] Basic signature support in the cor… Dick Hardt
- Re: [OAUTH-WG] Basic signature support in the cor… Igor Faynberg
- Re: [OAUTH-WG] Basic signature support in the cor… Eran Hammer-Lahav
- [OAUTH-WG] CORRECTION: Re: Basic signature suppor… Igor Faynberg
- Re: [OAUTH-WG] Basic signature support in the cor… William Mills
- Re: [OAUTH-WG] Basic signature support in the cor… Anthony Nadalin
- Re: [OAUTH-WG] CORRECTION: Re: Basic signature su… Dick Hardt
- Re: [OAUTH-WG] Basic signature support in the cor… Torsten Lodderstedt
- Re: [OAUTH-WG] Basic signature support in the cor… Justin Richer
- Re: [OAUTH-WG] Basic signature support in the cor… Dick Hardt
- Re: [OAUTH-WG] Basic signature support in the cor… Eran Hammer-Lahav
- Re: [OAUTH-WG] Basic signature support in the cor… Torsten Lodderstedt
- Re: [OAUTH-WG] Basic signature support in the cor… Justin Richer