Re: [OAUTH-WG] XYZ and Transactional OAuth

Justin Richer <jricher@mit.edu> Wed, 15 May 2019 21:08 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/jMmbE48KlsySRfZYIZUpIOb5TJg>

I’ve submitted my draft of XYZ as an ID:

https://tools.ietf.org/html/draft-richer-transactional-authz-00

— Justin

On May 6, 2019, at 3:43 PM, Justin Richer <jricher@mit.edu> wrote:

In a vein related to Torsten’s recent thread and blog post, I’ve also been working on a proposal around Transactional OAuth. As many of you know, I wrote a blog post about the basic idea last fall, and now I’ve got something a bit more concrete online that people can poke around with. I’m calling it “XYZ” just to give it a name, and it’s online here:

https://oauth.xyz/

I need to be very clear: This is not wire-compatible with OAuth2, but is instead a transactional (intent-pattern) protocol that implements a lot of the core concepts and a few new ones in a different framework. There have been a lot of attempts to extend and adapt OAuth in the last few years, and in my opinion that’s gotten us painted into a bit of a corner as we keep trying to solve new problems. By breaking away from backwards compatibility, I found that I was able to both simplify a lot of the concepts, make different actions more consistent, and make it more widely flexible.

Also to note, I’ve read through Torsten’s draft, and I think that his ideas of what’s in a “Structured Scope” could be a replacement for the hand-waving idea I have in the “resources” section of XYZ. I’m continuing development of this protocol, including a couple toy implementations, all of them open source. I have started a writeup in spec-language, and I plan to have it cleaned up and submitted prior to Montreal — where I’ll be attending in person and hope to discuss this as a potential WG item.

— Justin
