Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth

Phil Hunt <phil.hunt@oracle.com> Tue, 01 September 2015 15:13 UTC

From: Phil Hunt <phil.hunt@oracle.com>
In-Reply-To: <55E544A6.3050203@gmx.net>
Date: Tue, 01 Sep 2015 08:13:44 -0700
Message-Id: <514ABD00-586C-4ABC-A867-698CBC50DA79@oracle.com>
References: <20150901045617.CB44D187A98@rfc-editor.org> <55E544A6.3050203@gmx.net>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/ltHzjQIiYCCcr8h-tPw__1Kx-uc>
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth

+1 !

Phil

> On Aug 31, 2015, at 23:24, Hannes Tschofenig <hannes.tschofenig@gmx.net> wrote:
> 
> FYI: Thanks to Bill for the hard work!
> 
> -------- Forwarded Message --------
> Subject: RFC 7628 on A Set of Simple Authentication and Security Layer
> (SASL) Mechanisms for OAuth
> Date: Mon, 31 Aug 2015 21:56:17 -0700 (PDT)
> From: rfc-editor@rfc-editor.org
> Reply-To: ietf@ietf.org
> To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
> CC: kitten@ietf.org, drafts-update-ref@iana.org, rfc-editor@rfc-editor.org
> 
> A new Request for Comments is now available in online RFC libraries.
> 
> 
>        RFC 7628
> 
>        Title:      A Set of Simple Authentication
>                    and Security Layer (SASL) Mechanisms
>                    for OAuth
>        Author:     W. Mills, T. Showalter, H. Tschofenig
>        Status:     Standards Track
>        Stream:     IETF
>        Date:       August 2015
>        Mailbox:    wmills_92105@yahoo.com,
>                    tjs@psaux.com,
>                    Hannes.Tschofenig@gmx.net
>        Pages:      21
>        Characters: 46408
>        Updates/Obsoletes/SeeAlso:   None
> 
>        I-D Tag:    draft-ietf-kitten-sasl-oauth-23.txt
> 
>        URL:        https://www.rfc-editor.org/info/rfc7628
> 
>        DOI:        http://dx.doi.org/10.17487/RFC7628
> 
> OAuth enables a third-party application to obtain limited access to a
> protected resource, either on behalf of a resource owner by
> orchestrating an approval interaction or by allowing the third-party
> application to obtain access on its own behalf.
> 
> This document defines how an application client uses credentials
> obtained via OAuth over the Simple Authentication and Security Layer
> (SASL) to access a protected resource at a resource server.  Thereby,
> it enables schemes defined within the OAuth framework for
> non-HTTP-based application protocols.
> 
> Clients typically store the user's long-term credential.  This does,
> however, lead to significant security vulnerabilities, for example,
> when such a credential leaks.  A significant benefit of OAuth for
> usage in those clients is that the password is replaced by a shared
> secret with higher entropy, i.e., the token.  Tokens typically
> provide limited access rights and can be managed and revoked
> separately from the user's long-term password.
> 
> This document is a product of the Common Authentication Technology Next
> Generation Working Group of the IETF.
> 
> This is now a Proposed Standard.
> 
> STANDARDS TRACK: This document specifies an Internet Standards Track
> protocol for the Internet community, and requests discussion and suggestions
> for improvements.  Please refer to the current edition of the Official
> Internet Protocol Standards (https://www.rfc-editor.org/standards) for the
> standardization state and status of this protocol.  Distribution of this
> memo is unlimited.
> 
> This announcement is sent to the IETF-Announce and rfc-dist lists.
> To subscribe or unsubscribe, see
>  https://www.ietf.org/mailman/listinfo/ietf-announce
>  https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist
> 
> For searching the RFC series, see https://www.rfc-editor.org/search
> For downloading RFCs, see https://www.rfc-editor.org/rfc.html
> 
> Requests for special distribution should be addressed to either the
> author of the RFC in question, or to rfc-editor@rfc-editor.org.  Unless
> specifically noted otherwise on the RFC itself, all RFCs are for
> unlimited distribution.
> 
> 
> The RFC Editor Team
> Association Management Solutions, LLC
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
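The mechanism the announcement above describes, OAUTHBEARER, is small enough to show end to end. What follows is an added example, not code from RFC 7628, its authors, or anyone in this thread: it builds the client's initial response, then parses and validates it on the server side and produces the JSON failure message a server returns when it rejects the token. The wire format is the one RFC 7628 section 3.1 specifies; the function names, the sample token, the host names and the openid-configuration URL are assumptions made for this example. It goes a little beyond the announcement text in also covering the malformed-message, duplicate-key and mismatched-authzid cases a receiving server has to reject.

```python
"""RFC 7628 OAUTHBEARER: build and validate the SASL initial client response.

Added example; helper names, the sample token and host names are constructed
and are not from the RFC, its authors or this thread.  Wire format per
RFC 7628 section 3.1: a GS2 header ("n,a=<authzid>," or "n,,"), then
key=value pairs each terminated by 0x01, then a final 0x01.
"""
import json
import re
from typing import Dict, Optional, Tuple

KVSEP = b"\x01"
# RFC 7628 kvpair grammar: key = 1*ALPHA, value = *(VCHAR / SP / HTAB / CR / LF)
KVPAIR_RE = re.compile(rb"^([A-Za-z]+)=([\x20-\x7e\t\r\n]*)$")
# RFC 6750 b64token, the only thing that may follow "Bearer "
B64TOKEN_RE = re.compile(r"^[A-Za-z0-9._~+/-]+=*$")


def escape_saslname(name: str) -> str:
    """RFC 5802 saslname escaping, used for the authzid in the GS2 header."""
    return name.replace("=", "=3D").replace(",", "=2C")


def unescape_saslname(name: str) -> str:
    return name.replace("=2C", ",").replace("=3D", "=")


def build_initial_response(token: str, host: str, port: int,
                           authzid: Optional[str] = None) -> bytes:
    """Client side: the initial response carrying the bearer token."""
    gs2 = b"n,a=" + escape_saslname(authzid).encode() + b"," if authzid else b"n,,"
    pairs = [b"host=" + host.encode(), b"port=" + str(port).encode(),
             b"auth=Bearer " + token.encode()]
    return gs2 + KVSEP + b"".join(p + KVSEP for p in pairs) + KVSEP


def parse_initial_response(msg: bytes) -> Tuple[Optional[str], Dict[str, str]]:
    """Server side: strict parse of the initial response; ValueError if malformed."""
    if not msg.endswith(KVSEP + KVSEP):
        raise ValueError("missing terminating kvsep pair")
    body = msg[:-2]
    # OAUTHBEARER defines no channel binding, so only the "n" GS2 flag is valid
    m = re.match(rb"^n,(?:a=([^,\x01]*))?,", body)
    if m is None:
        raise ValueError("bad GS2 header")
    authzid = unescape_saslname(m.group(1).decode()) if m.group(1) is not None else None
    rest = body[m.end():]
    kv: Dict[str, str] = {}
    if rest:
        if not rest.startswith(KVSEP):
            raise ValueError("kvsep expected after GS2 header")
        for pair in rest[1:].split(KVSEP):
            pm = KVPAIR_RE.match(pair)
            if pm is None:
                raise ValueError(f"malformed kvpair {pair!r}")
            key = pm.group(1).decode()
            if key in kv:
                raise ValueError(f"duplicate key {key}")
            kv[key] = pm.group(2).decode()
    if "auth" not in kv:
        raise ValueError("auth kvpair is required")
    return authzid, kv


def server_error_response(status: int, scope: str, openid_configuration: str) -> bytes:
    """Server side: the JSON failure message of RFC 7628 section 3.2.2; the
    client then answers with a single kvsep byte and the server fails the exchange."""
    return json.dumps({"status": str(status), "scope": scope,
                       "openid-configuration": openid_configuration}).encode()


def authenticate(msg: bytes, expected_host: str, valid_tokens: Dict[str, str]) -> dict:
    """Server side: validate one initial response.  valid_tokens maps constructed
    sample tokens to their subject; a real server would verify a signed token or
    call a token introspection endpoint instead."""
    try:
        authzid, kv = parse_initial_response(msg)
    except ValueError as exc:
        return {"ok": False, "reason": f"malformed: {exc}"}
    # host/port say which service the client believes it is talking to; a
    # mismatch means the message was not meant for this server
    if kv.get("host") not in (None, expected_host):
        return {"ok": False, "reason": "host mismatch"}
    scheme, _, token = kv["auth"].partition(" ")
    if scheme != "Bearer" or not B64TOKEN_RE.match(token):
        return {"ok": False, "reason": "auth value is not a Bearer b64token"}
    subject = valid_tokens.get(token)
    if subject is None:
        # Point the client at the issuer (constructed URL) rather than just dropping it
        return {"ok": False, "reason": "invalid token", "error": server_error_response(
            401, "mail", "https://auth.example.test/.well-known/openid-configuration")}
    if authzid not in (None, "", subject):
        return {"ok": False, "reason": "authzid does not match token subject"}
    return {"ok": True, "user": subject}
```

A client would call build_initial_response with its token and the server's host and port, and the server would pass the decoded SASL payload to authenticate. In IMAP or SMTP the bytes are base64-encoded by the application protocol, not by the SASL layer, so these functions work on the decoded payload. Note that the host check is only a consistency check: the host kvpair is client-supplied, so it catches a misdirected client, not a deliberate replay; limiting what a leaked token is good for is the job of the issuer's scope and audience, which is the benefit over a long-term password that the announcement text points to.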