Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-bearer-15.txt> (The OAuth 2.0 Authorization Protocol: Bearer Tokens) to Proposed Standard

Mike Jones <Michael.Jones@microsoft.com> Tue, 24 January 2012 23:43 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Mark Nottingham <mnot@mnot.net>, IETF Discussion <ietf@ietf.org>
Date: Tue, 24 Jan 2012 23:43:29 +0000
Cc: OAuth WG <oauth@ietf.org>

(Resending now that I'm a member of the ietf@ietf.org list so that my response will be sent.)

-----Original Message-----
From: Mike Jones 
Sent: Tuesday, January 24, 2012 3:35 PM
To: 'Mark Nottingham'; IETF Discussion
Cc: OAuth WG
Subject: RE: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-bearer-15.txt> (The OAuth 2.0 Authorization Protocol: Bearer Tokens) to Proposed Standard

For those on the ietf@ietf.org list, you can find my responses as editor to Mark's useful apps area feedback at these locations:

http://www.ietf.org/mail-archive/web/oauth/current/msg08040.html
http://www.ietf.org/mail-archive/web/oauth/current/msg08075.html

As editor, I attempted to apply all of Mark's recommendations, other than those that were contrary to working group consensus positions that had already been established via discussions on the working group mailing list.  Where his recommendations were not adopted, reasons were given in my responses on behalf of the working group cited above.

				Best wishes,
				-- Mike

-----Original Message-----
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Mark Nottingham
Sent: Tuesday, January 24, 2012 3:19 PM
To: IETF Discussion
Cc: OAuth WG
Subject: Re: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-bearer-15.txt> (The OAuth 2.0 Authorization Protocol: Bearer Tokens) to Proposed Standard

My comments were made in:
  http://www.ietf.org/mail-archive/web/apps-discuss/current/msg03805.html

Most of them (excepting the nits) haven't been addressed in the drafts.

Regards,



Begin forwarded message:

> Subject: [OAUTH-WG] Last Call: <draft-ietf-oauth-v2-bearer-15.txt> (The OAuth 2.0 Authorization Protocol: Bearer Tokens) to Proposed Standard
> Date: Mon, 23 Jan 2012 07:46:43 -0800
> From: The IESG <iesg-secretary@ietf.org>
> Reply-To: ietf@ietf.org
> To: IETF-Announce <ietf-announce@ietf.org>
> CC: oauth@ietf.org
> 
> 
> The IESG has received a request from the Web Authorization Protocol WG
> (oauth) to consider the following document:
> - 'The OAuth 2.0 Authorization Protocol: Bearer Tokens'
>  <draft-ietf-oauth-v2-bearer-15.txt> as a Proposed Standard
> 
> The IESG plans to make a decision in the next few weeks, and solicits 
> final comments on this action. Please send substantive comments to the 
> ietf@ietf.org mailing lists by 2012-02-06. Exceptionally, comments may 
> be sent to iesg@ietf.org instead. In either case, please retain the 
> beginning of the Subject line to allow automated sorting.
> 
> Abstract
> 
> 
>   This specification describes how to use bearer tokens in HTTP
>   requests to access OAuth 2.0 protected resources.  Any party in
>   possession of a bearer token (a "bearer") can use it to get access to
>   the associated resources (without demonstrating possession of a
>   cryptographic key).  To prevent misuse, bearer tokens need to be
>   protected from disclosure in storage and in transport.
> 
> 
> 
> 
> The file can be obtained via
> http://datatracker.ietf.org/doc/draft-ietf-oauth-v2-bearer/
> 
> IESG discussion can be tracked via
> http://datatracker.ietf.org/doc/draft-ietf-oauth-v2-bearer/
> 
> 
> No IPR declarations have been submitted directly on this I-D.
> 

--
Mark Nottingham   http://www.mnot.net/


