Re: [OAUTH-WG] Basic signature support in the core specification
John Panzer <jpanzer@google.com> Fri, 24 September 2010 23:26 UTC
Return-Path: <jpanzer@google.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8B22E3A6B31 for <oauth@core3.amsl.com>; Fri, 24 Sep 2010 16:26:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.647
X-Spam-Level:
X-Spam-Status: No, score=-104.647 tagged_above=-999 required=5 tests=[AWL=1.329, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rrR+ToAMeSFe for <oauth@core3.amsl.com>; Fri, 24 Sep 2010 16:26:31 -0700 (PDT)
Received: from smtp-out.google.com (smtp-out.google.com [74.125.121.35]) by core3.amsl.com (Postfix) with ESMTP id C40EA3A69A8 for <oauth@ietf.org>; Fri, 24 Sep 2010 16:26:30 -0700 (PDT)
Received: from hpaq2.eem.corp.google.com (hpaq2.eem.corp.google.com [172.25.149.2]) by smtp-out.google.com with ESMTP id o8ONR2l8009355 for <oauth@ietf.org>; Fri, 24 Sep 2010 16:27:02 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1285370822; bh=lecRSPQG9J4yUXG5xr7hF5Zao+8=; h=MIME-Version:In-Reply-To:References:From:Date:Message-ID:Subject: To:Cc:Content-Type; b=Q40rYepZV0ALCVhzpPjYR+VgqcPC1aFTqoQhNFGeYFLvqnCGBhqrMMFRPEVKooSVe lGOd3lABjFOtC2IHu1nAQ==
Received: from pva18 (pva18.prod.google.com [10.241.209.18]) by hpaq2.eem.corp.google.com with ESMTP id o8ONR0x8017507 for <oauth@ietf.org>; Fri, 24 Sep 2010 16:27:01 -0700
Received: by pva18 with SMTP id 18so2354082pva.2 for <oauth@ietf.org>; Fri, 24 Sep 2010 16:27:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta; h=domainkey-signature:received:mime-version:received:in-reply-to :references:from:date:message-id:subject:to:cc:content-type; bh=KMUpVtla/0cdPueZUlGPQ9F6xMCw8oFt+2rWfTdGdq0=; b=ZzfUHt52/f8FvCCMKjIIe1GwpVPfQR+BAre3TUZmyam+Fz+x3fogUWpUVk1f8rhLIw 5Jbxu/2XbkixcHB/CmZQ==
DomainKey-Signature: a=rsa-sha1; c=nofws; d=google.com; s=beta; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; b=xlRW2++UMDvc4UN//OjixPRRYERXUcmJkuy4vbNXY413YEnIUNh+canyVZaeMMH8sM DmwRXdXqw2B/A7RwbAow==
Received: by 10.142.7.29 with SMTP id 29mr2618532wfg.82.1285370820013; Fri, 24 Sep 2010 16:27:00 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.142.233.7 with HTTP; Fri, 24 Sep 2010 16:26:39 -0700 (PDT)
In-Reply-To: <C8C15057.3AC64%eran@hueniverse.com>
References: <C8C15057.3AC64%eran@hueniverse.com>
From: John Panzer <jpanzer@google.com>
Date: Fri, 24 Sep 2010 16:26:39 -0700
Message-ID: <AANLkTinbdA_SGt_h2J3H25A2unCPe7+1=uxgkaNXrMq8@mail.gmail.com>
To: Eran Hammer-Lahav <eran@hueniverse.com>
Content-Type: multipart/alternative; boundary="00504502aca821ba3c049109b773"
X-System-Of-Record: true
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Basic signature support in the core specification
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Sep 2010 23:26:32 -0000
-1 on requiring it to be part of core OAuth2. Reasoning: It won't be a MUST or even SHOULD requirement for either client or server, so adding it later does not affect interop. The actual schedule to finalize the signature mechanism should not be affected either way -- it's fine for a WG to produce 2 or more RFCs if that's the right thing to do. (If there were consensus today on what exactly the signing mechanism should be I'd think differently, but I don't believe there is.) Caveat: If there were consensus that OAuth 2 should simply adopt the OAuth 1.0a signature mechanism today, I'd be okay with that, just because there is some proven code out there. This is of course a trade-off. My bias: I really want us to stabilize what has been spec'd so far and move forward with that while additional work happens. There are already multiple mutually implementations of "OAuth2" floating around and I'd rather resolve that quickly. -- John Panzer / Google jpanzer@google.com / abstractioneer.org <http://www.abstractioneer.org/> / @jpanzer On Thu, Sep 23, 2010 at 6:43 PM, Eran Hammer-Lahav <eran@hueniverse.com>wrote: > Since much of this recent debate was done off list, I'd like to ask people > to simply express their support or objection to including a basic signature > feature in the core spec, in line with the 1.0a signature approach. > > This is not a vote, just taking the temperature of the group. > > EHL > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
- [OAUTH-WG] Basic signature support in the core sp… Eran Hammer-Lahav
- Re: [OAUTH-WG] Basic signature support in the cor… William Mills
- Re: [OAUTH-WG] Basic signature support in the cor… Torsten Lodderstedt
- Re: [OAUTH-WG] Basic signature support in the cor… Bastian Hofmann
- Re: [OAUTH-WG] Basic signature support in the cor… George Fletcher
- Re: [OAUTH-WG] Basic signature support in the cor… Justin Richer
- Re: [OAUTH-WG] Basic signature support in the cor… Igor Faynberg
- Re: [OAUTH-WG] Basic signature support in the cor… Eve Maler
- Re: [OAUTH-WG] Basic signature support in the cor… Justin Richer
- Re: [OAUTH-WG] Basic signature support in the cor… Doreswamy, Rangan
- Re: [OAUTH-WG] Basic signature support in the cor… John Panzer
- Re: [OAUTH-WG] Basic signature support in the cor… David Recordon
- Re: [OAUTH-WG] Basic signature support in the cor… Dick Hardt
- Re: [OAUTH-WG] Basic signature support in the cor… Dick Hardt
- Re: [OAUTH-WG] Basic signature support in the cor… Nat
- Re: [OAUTH-WG] Basic signature support in the cor… Eran Hammer-Lahav
- Re: [OAUTH-WG] Basic signature support in the cor… Eran Hammer-Lahav
- Re: [OAUTH-WG] Basic signature support in the cor… Eran Hammer-Lahav
- Re: [OAUTH-WG] Basic signature support in the cor… Dick Hardt
- Re: [OAUTH-WG] Basic signature support in the cor… Dick Hardt
- Re: [OAUTH-WG] Basic signature support in the cor… Mark Mcgloin
- Re: [OAUTH-WG] Basic signature support in the cor… Torsten Lodderstedt
- Re: [OAUTH-WG] Basic signature support in the cor… Eran Hammer-Lahav
- Re: [OAUTH-WG] Basic signature support in the cor… Eran Hammer-Lahav
- Re: [OAUTH-WG] Basic signature support in the cor… Dick Hardt
- Re: [OAUTH-WG] Basic signature support in the cor… Eve Maler
- Re: [OAUTH-WG] Basic signature support in the cor… Dick Hardt
- Re: [OAUTH-WG] Basic signature support in the cor… Manger, James H
- Re: [OAUTH-WG] Basic signature support in the cor… Eran Hammer-Lahav
- Re: [OAUTH-WG] Basic signature support in the cor… Dick Hardt
- Re: [OAUTH-WG] Basic signature support in the cor… Eran Hammer-Lahav
- Re: [OAUTH-WG] Basic signature support in the cor… John Panzer
- Re: [OAUTH-WG] Basic signature support in the cor… Dick Hardt
- Re: [OAUTH-WG] Basic signature support in the cor… Mark Mcgloin
- Re: [OAUTH-WG] Basic signature support in the cor… Eran Hammer-Lahav
- Re: [OAUTH-WG] Basic signature support in the cor… Dick Hardt
- Re: [OAUTH-WG] Basic signature support in the cor… Igor Faynberg
- Re: [OAUTH-WG] Basic signature support in the cor… Eran Hammer-Lahav
- [OAUTH-WG] CORRECTION: Re: Basic signature suppor… Igor Faynberg
- Re: [OAUTH-WG] Basic signature support in the cor… William Mills
- Re: [OAUTH-WG] Basic signature support in the cor… Anthony Nadalin
- Re: [OAUTH-WG] CORRECTION: Re: Basic signature su… Dick Hardt
- Re: [OAUTH-WG] Basic signature support in the cor… Torsten Lodderstedt
- Re: [OAUTH-WG] Basic signature support in the cor… Justin Richer
- Re: [OAUTH-WG] Basic signature support in the cor… Dick Hardt
- Re: [OAUTH-WG] Basic signature support in the cor… Eran Hammer-Lahav
- Re: [OAUTH-WG] Basic signature support in the cor… Torsten Lodderstedt
- Re: [OAUTH-WG] Basic signature support in the cor… Justin Richer