Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth
Phil Hunt <phil.hunt@oracle.com> Tue, 01 September 2015 15:13 UTC
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/ltHzjQIiYCCcr8h-tPw__1Kx-uc>
Cc: "oauth@ietf.org" <oauth@ietf.org>

+1 !

Phil

> On Aug 31, 2015, at 23:24, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
>
> FYI: Thanks to Bill for the hard work!
>
> -------- Forwarded Message --------
> Subject: RFC 7628 on A Set of Simple Authentication and Security Layer
> (SASL) Mechanisms for OAuth
> Date: Mon, 31 Aug 2015 21:56:17 -0700 (PDT)
> From: rfc-editor@rfc-editor.org
> Reply-To: ietf@ietf.org
> To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
> CC: kitten@ietf.org, drafts-update-ref@iana.org, rfc-editor@rfc-editor.org
>
> A new Request for Comments is now available in online RFC libraries.
>
>
>        RFC 7628
>
>        Title:      A Set of Simple Authentication
>                    and Security Layer (SASL) Mechanisms
>                    for OAuth
>        Author:     W. Mills, T. Showalter, H. Tschofenig
>        Status:     Standards Track
>        Stream:     IETF
>        Date:       August 2015
>        Mailbox:    wmills_92105@yahoo.com,
>                    tjs@psaux.com,
>                    Hannes.Tschofenig@gmx.net
>        Pages:      21
>        Characters: 46408
>        Updates/Obsoletes/SeeAlso:   None
>
>        I-D Tag:    draft-ietf-kitten-sasl-oauth-23.txt
>
>        URL:        https://www.rfc-editor.org/info/rfc7628
>
>        DOI:        http://dx.doi.org/10.17487/RFC7628
>
> OAuth enables a third-party application to obtain limited access to a
> protected resource, either on behalf of a resource owner by
> orchestrating an approval interaction or by allowing the third-party
> application to obtain access on its own behalf.
>
> This document defines how an application client uses credentials
> obtained via OAuth over the Simple Authentication and Security Layer
> (SASL) to access a protected resource at a resource server. Thereby,
> it enables schemes defined within the OAuth framework for
> non-HTTP-based application protocols.
>
> Clients typically store the user's long-term credential. This does,
> however, lead to significant security vulnerabilities, for example,
> when such a credential leaks. A significant benefit of OAuth for
> usage in those clients is that the password is replaced by a shared
> secret with higher entropy, i.e., the token. Tokens typically
> provide limited access rights and can be managed and revoked
> separately from the user's long-term password.
>
> This document is a product of the Common Authentication Technology Next
> Generation Working Group of the IETF.
>
> This is now a Proposed Standard.
>
> STANDARDS TRACK: This document specifies an Internet Standards Track
> protocol for the Internet community, and requests discussion and suggestions
> for improvements. Please refer to the current edition of the Official
> Internet Protocol Standards (https://www.rfc-editor.org/standards) for the
> standardization state and status of this protocol. Distribution of this
> memo is unlimited.
>
> This announcement is sent to the IETF-Announce and rfc-dist lists.
> To subscribe or unsubscribe, see
> https://www.ietf.org/mailman/listinfo/ietf-announce
> https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist
>
> For searching the RFC series, see https://www.rfc-editor.org/search
> For downloading RFCs, see https://www.rfc-editor.org/rfc.html
>
> Requests for special distribution should be addressed to either the
> author of the RFC in question, or to rfc-editor@rfc-editor.org. Unless
> specifically noted otherwise on the RFC itself, all RFCs are for
> unlimited distribution.
>
>
> The RFC Editor Team
> Association Management Solutions, LLC
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth