Re: [OAUTH-WG] Call for Adoption

Nat Sakimura <sakimura@gmail.com> Wed, 20 January 2016 03:30 UTC

Return-Path: <sakimura@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 769BC1A064C for <oauth@ietfa.amsl.com>; Tue, 19 Jan 2016 19:30:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bHUT2pNBXExa for <oauth@ietfa.amsl.com>; Tue, 19 Jan 2016 19:30:12 -0800 (PST)
Received: from mail-qk0-x233.google.com (mail-qk0-x233.google.com [IPv6:2607:f8b0:400d:c09::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 208221A1A30 for <oauth@ietf.org>; Tue, 19 Jan 2016 19:30:12 -0800 (PST)
Received: by mail-qk0-x233.google.com with SMTP id o6so31727117qkc.2 for <oauth@ietf.org>; Tue, 19 Jan 2016 19:30:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :content-type; bh=/PJPAnVFG2pWmhYEdWg6D79X/691Aq5/2mgHApIECYQ=; b=lqIIcJ3n+vAZugCYtvj/SZ1zk5vxtmx/TId6Eo8GRCJdw796LkPJ/etCaykpRWyo2U NpJJYeXyB0BzQAZKAmxvsgf/mKNKaB/dVU4yZU4DXBrQyE/xX8Gt8Ay058hJCF65oJ7s GYI1v6R9qIGOBrFf99Lf0WAKJGpM6gZCUzUD5K2SMAsL7J5JoSVxJJ59YBnC6ECbc4Ez hFqvuglcbg+Cvw/9/d1Lu4ZMF3TRedR2BEOprrIo7L74s/wglM9h9p7Pjalu1szkisJy YHaTQRpXgXqx1LkoJ2QMaIk3Y8N3YgbJGqhY6CX5DqVbfy+oWuPNXyAlw5tLXq2Uhe8w 6flw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:content-type; bh=/PJPAnVFG2pWmhYEdWg6D79X/691Aq5/2mgHApIECYQ=; b=jZl9Sruf+e5DJqfWRzbbw9fTsPJ6gFIs2b3W30PKs+/71X0gcyv4WqU7wom6lmQK3U LS0h2PjKuP+rOL+BQ+DL3y714X4krortQi/NpUNkRvWCgYRkGJUKaoja/shv89mOdkSe sAboL/JIlAAJNJPfpQIQPREqe5X7q38/J7UPKcFgaZ0vhyi61n9zB7pmo0fSVnkvMWL2 ZIuPBWFapirIzvklHh8Eyr2MSStOLf+Tl9GylWe059JKsmRsZPpJBt3EF2MMOi3lXkyR RlgGA+i59rkTgXy3mbPpWDOnzntxlB40o0FCO1ulTwVbuoRqYz8IiOkqY7PepK9F3WPA 7KVg==
X-Gm-Message-State: ALoCoQnecTNp63cdxJahsr4W5gW7GnwhPv4XYAdo7qGAQB+8iUTqC9BAJvvk2sKxMDKne/nNbT/bKFxtp61FtQU2kuANfHdBNw==
X-Received: by 10.55.20.211 with SMTP id 80mr42207761qku.67.1453260611223; Tue, 19 Jan 2016 19:30:11 -0800 (PST)
MIME-Version: 1.0
References: <569E2076.2090405@gmx.net> <CABzCy2D8BvJkLCc543=pEdE4FZa+p1ekyuMs=TtVSnSCrTrviw@mail.gmail.com>
In-Reply-To: <CABzCy2D8BvJkLCc543=pEdE4FZa+p1ekyuMs=TtVSnSCrTrviw@mail.gmail.com>
From: Nat Sakimura <sakimura@gmail.com>
Date: Wed, 20 Jan 2016 03:30:01 +0000
Message-ID: <CABzCy2D1gca2OR2qp_gakThjkoLGfaZAo=GE85Lz4+3TrPbFVQ@mail.gmail.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>, "oauth@ietf.org" <oauth@ietf.org>
Content-Type: multipart/alternative; boundary=001a114495467f87b60529bb9ab7
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/lSCxUYEwYBVAM7WYR_aIdJlCNV8>
Subject: Re: [OAUTH-WG] Call for Adoption
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Jan 2016 03:30:14 -0000

Just to give more context, at IETF 94, I have done a presentation on
discovery.

According to the minutes,

    (f) Discovery (Nat)

             Nat explains his document as an example of the work that
has to be done
             in the area of discovery, which is a topic that has been identified
             as necessary for interoperability since many years but so far there
             was not time to work on it. Mike, John and Nat are working on a new
             document that describes additional discovery-relevant components.

             Poll: 19 for / zero against / 4 persons need more information.


The document discussed there was
https://tools.ietf.org/html/draft-sakimura-oauth-meta-05. This is a simple
(only 1-page!) but a very powerful document that nudges towards HATEOAS
which is at the core of RESTful-ness. It also mitigates the Mix-up attack
without introducing the concept of issuer which is not in RFC6749. It is
also good for selecting different endpoints depending on the user
authentication and authorization results and more privacy sensitive than
pre-announced Discovery document. It also allows you to find to which
protected resource endpoint you can use the access token against.

In the last sentence of the minutes, it talks about "a new document that
describes additional discovery-relevant components". This is
https://tools.ietf.org/html/draft-jones-oauth-discovery-00.  It went for
the call for adoption. However, it is only a half of the story. I believe
https://tools.ietf.org/html/draft-sakimura-oauth-meta-05 that was discussed
at IETF 94 and had support there should be adopted as well.

Nat Sakimura




2016年1月20日(水) 12:05 Nat Sakimura <sakimura@gmail.com>;:

> Thanks Hannes.
>
> I did not find https://tools.ietf.org/html/draft-sakimura-oauth-meta-05, which
> was discussed in Yokohama, and was largely in agreement if my recollection
> is correct. Why is it not in the call for adoption?
>
>
>
> 2016年1月19日(火) 20:39 Hannes Tschofenig <hannes.tschofenig@gmx.net>;:
>
>> Hi all,
>>
>> we have submitted our new charter to the IESG (see
>> http://www.ietf.org/mail-archive/web/oauth/current/msg15379.html) and
>> since some IESG members like to see an updated list of milestones as
>> well. For this reason, based on a suggestion from Barry, we are also
>> starting a call for adoption concurrently with the review of the charter
>> text by the IESG.
>>
>> We will post separate mails on the individual documents. Your feedback
>> is important! Please take the time to look at the documents and provide
>> your feedback.
>>
>> Ciao
>> Hannes & Derek
>>
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
>