Re: [OAUTH-WG] Updated Charter to the IESG (this weekend)

Mike Jones <Michael.Jones@microsoft.com> Thu, 12 April 2012 21:22 UTC

I agree that this looks good.  My only suggestion is that we move up the proposed submission dates for JWT and JWT Profile from March 2013 to November 2012, since the JOSE specs that JWT is largely based upon are scheduled for submission in July, per http://datatracker.ietf.org/wg/jose/charter/.

				-- Mike

-----Original Message-----
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Igor Faynberg
Sent: Thursday, April 12, 2012 9:58 AM
To: oauth@ietf.org
Subject: Re: [OAUTH-WG] Updated Charter to the IESG (this weekend)

Hannes,

I took a look (a bit longer than just "quick"), and what I see completely coincides with my understanding of the result of the discussions.

Good job!

Igor

On 4/12/2012 6:55 AM, Hannes Tschofenig wrote:
> Hey guys
>
> based on the discussion before, during, and after the Paris IETF meeting I am going to send the following updated charter / milestones to the IESG.
> Please have a quick look (till the end of the week) to double-check the content (particularly the suggested milestone dates):
>
> ----------
>
>
> Web Authorization Protocol (oauth)
>
> Description of Working Group
>
> The Web Authorization (OAuth) protocol allows a user to grant a 
> third-party Web site or application access to the user's protected 
> resources, without necessarily revealing their long-term credentials, 
> or even their identity. For example, a photo-sharing site that 
> supports OAuth could allow its users to use a third-party printing Web 
> site to print their private pictures, without allowing the printing 
> site to gain full control of the user's account and without having the 
> user sharing his or her photo-sharing sites' long-term credential with 
> the printing site.
>
> The OAuth protocol suite encompasses
> * a procedure for allowing a client to discover a resource server,
> * a protocol for obtaining authorization tokens from an authorization 
> server with the resource owner's consent,
> * protocols for presenting these authorization tokens to protected 
> resources for access to a resource, and
> * consequently for sharing data in a security and privacy respective way.
>
> In April 2010 the OAuth 1.0 specification, documenting pre-IETF work, 
> was published as an informational document (RFC 5849). With the 
> completion of OAuth 1.0 the working group started their work on OAuth 
> 2.0 to incorporate implementation experience with version 1.0, 
> additional use cases, and various other security, readability, and 
> interoperability improvements. An extensive security analysis was 
> conducted and the result is available as a stand-alone document 
> offering guidance for audiences beyond the community of protocol implementers.
>
> The working group also developed security schemes for presenting 
> authorization tokens to access a protected resource. This led to the 
> publication of the bearer token as well as the message authentication 
> code (MAC) access authentication specification.
>
> OAuth 2.0 added the ability to trade a SAML assertion against an OAUTH 
> token with the SAML 2.0 bearer assertion profile.  This offers 
> interworking with existing identity management solutions, in particular SAML based deployments.
>
> OAuth has enjoyed widespread adoption by the Internet application 
> service provider community. To build on this success we aim for 
> nothing more than to make OAuth the authorization framework of choice 
> for any Internet protocol. Consequently, the ongoing standardization 
> effort within the OAuth working group is focused on enhancing 
> interoperability of OAuth deployments. While the core OAuth 
> specification truly is an important building block it relies on other 
> specifications in order to claim completeness. Luckily, these 
> components already exist and have been deployed on the Internet. Through the IETF standards process they will be improved in quality and will undergo a rigorous review process.
>
> Goals and Milestones
>
> [Editor's Note: Here are the completed items.]
>
> Done  Submit 'OAuth 2.0 Threat Model and Security Considerations' as a working group item
> Done  Submit 'HTTP Authentication: MAC Authentication' as a working group item
> Done  Submit 'The OAuth 2.0 Protocol: Bearer Tokens' to the IESG for consideration as a Proposed Standard
> Done  Submit 'The OAuth 2.0 Authorization Protocol' to the IESG for consideration as a Proposed Standard
>
> [Editor's Note: Finishing existing work. Double-check the proposed 
> dates - are they realistic?]
>
> May  2012  Submit 'SAML 2.0 Bearer Assertion Profiles for OAuth 2.0' to the IESG for consideration as a Proposed Standard
> May  2012  Submit 'OAuth 2.0 Assertion Profile' to the IESG for consideration as a Proposed Standard
> May  2012  Submit 'An IETF URN Sub-Namespace for OAuth' to the IESG for consideration as a Proposed Standard
> May  2012  Submit 'OAuth 2.0 Threat Model and Security Considerations' to the IESG for consideration as an Informational RFC
> Dec. 2012  Submit 'HTTP Authentication: MAC Authentication' to the IESG for consideration as a Proposed Standard
>
> [Editor's Note: New work for the group]
>
> Nov. 2012  Submit 'Token Revocation' to the IESG for consideration as 
> a Proposed Standard
>
> [Starting point for the work will be 
> http://datatracker.ietf.org/doc/draft-lodderstedt-oauth-revocation/]
>
> Dec. 2012  Submit 'OAuth Use Cases' to the IESG for consideration as 
> an Informational RFC
>
> [Starting point for the work will be 
> http://tools.ietf.org/html/draft-zeltsan-oauth-use-cases]
>
> Jan. 2013  Submit 'Simple Web Discovery' to the IESG for consideration 
> as a Proposed Standard
>
> [Starting point for the work will be 
> http://tools.ietf.org/html/draft-jones-simple-web-discovery]
>
> Mar. 2013  Submit 'JSON Web Token (JWT)' to the IESG for consideration 
> as a Proposed Standard
>
> [Starting point for the work will be 
> http://tools.ietf.org/html/draft-jones-json-web-token]
>
> Mar. 2013  Submit 'JSON Web Token (JWT) Bearer Token Profiles for 
> OAuth 2.0' to the IESG for consideration as a Proposed Standard
>
> [Starting point for the work will be 
> http://tools.ietf.org/html/draft-jones-oauth-jwt-bearer]
>
> Jul. 2013  Submit 'OAuth Dynamic Client Registration Protocol' to the 
> IESG for consideration as a Proposed Standard
>
> [Starting point for the work will be 
> http://tools.ietf.org/html/draft-hardjono-oauth-dynreg]
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth