[OAUTH-WG] Fwd: RFC 7628 on A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth
Hannes Tschofenig <hannes.tschofenig@gmx.net> Tue, 01 September 2015 07:51 UTC
Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE0361B883A for <oauth@ietfa.amsl.com>; Tue, 1 Sep 2015 00:51:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.61
X-Spam-Level:
X-Spam-Status: No, score=-2.61 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dFu85bvjTX4R for <oauth@ietfa.amsl.com>; Tue, 1 Sep 2015 00:51:06 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A723D1B883C for <oauth@ietf.org>; Tue, 1 Sep 2015 00:51:06 -0700 (PDT)
Received: from [192.168.10.154] ([101.53.7.10]) by mail.gmx.com (mrgmx003) with ESMTPSA (Nemesis) id 0Ljqgb-1YzXSA3OcD-00buzS for <oauth@ietf.org>; Tue, 01 Sep 2015 09:51:04 +0200
References: <20150901045617.CB44D187A98@rfc-editor.org>
To: "oauth@ietf.org" <oauth@ietf.org>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9
X-Forwarded-Message-Id: <20150901045617.CB44D187A98@rfc-editor.org>
Message-ID: <55E544A6.3050203@gmx.net>
Date: Tue, 01 Sep 2015 08:24:38 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
MIME-Version: 1.0
In-Reply-To: <20150901045617.CB44D187A98@rfc-editor.org>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="3DiXM1rhQ9EveDxATvTTS7nnFMsTxBUj2"
X-Provags-ID: V03:K0:bCVZXHL4RJJQ+osZKjOIir9aTahsFwAGgFzvP3X/5AKXPujK2yf riPQ3hkIbSLpKEzjde1Jp08+lsqTfZ9ZW2jxuuJy1G6A+h/vSn2oNDX5ET236BvzZVjLuAV Qs9PhB01ZrR+oxlCduMsa0jdOyq/NG9Uryc/b/x8f47Dm2vFIKbou0hRHi0/qtw3CBMRUDC AGvCWbKZ+KPIK8dVPKPvw==
X-UI-Out-Filterresults: notjunk:1;V01:K0:a+MKL4NuY2Y=:tZriwHFRJAhqw7vvcfULsU YaVvNeeq49YWCwMF0rYjOX8VebHFUsII+UkVLiCaogajXPERr+3Hq1I7edK0wu2jo9BUOUnEu 4kr27rHS/z6tUypYr4U9QjbBouc4/B9mYMYi1i3B1y/Ah2msgadGVOLxqsoxu8SzFAv4mvF0r 1cxcYuczTkXo3HYGKX/yxerZLpjVilQvia86lXBQ/qOyiJ2u85X4NhO9Cwsbtgn7Mddphs5s6 ZUfutGGZISrugs27oh3opgQXfg7VFD85BNpI4oG4cHfKjRa8eXStri1jjmuCeTQuAj89HUObN Qt9rWVgMoQ35k3WylGo5pyb9XT9DI6iYjqNBZbsGyV91G2LuAotmvaKOBS5GqJ6EhTggR5nUs uh9cpnIYWaeCa7NEb/9Z8efSL6OU7+0E0r+5zV4m38Gr/d3ZLYW4WadXU2/ZnWQ/tkbZWbE8f p6eKivjsWF5y9Dsoi2zXxj/W28QbDuBAVv1G5Y2Ksjf18Urb1rN8vh409X4IwtGXtYnspg6WB icPeHjjanrqQl8hO1GSRfaYZezF3G4AYu2bUkssh73bFoNi6GkI0aSiSyaSkMpEjZKas/LxJz yyszzH9FsUqZQ+y3FzqEEA3eMLJZP0+OnCcvfy9kX5QQY6IF4LFnB2KWVHPi8z0MxoYCuIL3U fagB1Io2tiFEPuuY3vvC91onn6Fa1N9dglX2HSk039YArLppZOEWQ49OhBkSq481ES0Mu253V cc6LJkchNv271JyAae+DO3CTLC0IVYAVHqQ4cw==
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/mtKxfPSBMV5fHJ2VLMlPaAl-xT8>
Subject: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Sep 2015 07:51:08 -0000
FYI: Thanks to Bill for the hard work! -------- Forwarded Message -------- Subject: RFC 7628 on A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth Date: Mon, 31 Aug 2015 21:56:17 -0700 (PDT) From: rfc-editor@rfc-editor.org Reply-To: ietf@ietf.org To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org CC: kitten@ietf.org, drafts-update-ref@iana.org, rfc-editor@rfc-editor.org A new Request for Comments is now available in online RFC libraries. RFC 7628 Title: A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth Author: W. Mills, T. Showalter, H. Tschofenig Status: Standards Track Stream: IETF Date: August 2015 Mailbox: wmills_92105@yahoo.com, tjs@psaux.com, Hannes.Tschofenig@gmx.net Pages: 21 Characters: 46408 Updates/Obsoletes/SeeAlso: None I-D Tag: draft-ietf-kitten-sasl-oauth-23.txt URL: https://www.rfc-editor.org/info/rfc7628 DOI: http://dx.doi.org/10.17487/RFC7628 OAuth enables a third-party application to obtain limited access to a protected resource, either on behalf of a resource owner by orchestrating an approval interaction or by allowing the third-party application to obtain access on its own behalf. This document defines how an application client uses credentials obtained via OAuth over the Simple Authentication and Security Layer (SASL) to access a protected resource at a resource server. Thereby, it enables schemes defined within the OAuth framework for non-HTTP-based application protocols. Clients typically store the user's long-term credential. This does, however, lead to significant security vulnerabilities, for example, when such a credential leaks. A significant benefit of OAuth for usage in those clients is that the password is replaced by a shared secret with higher entropy, i.e., the token. Tokens typically provide limited access rights and can be managed and revoked separately from the user's long-term password. This document is a product of the Common Authentication Technology Next Generation Working Group of the IETF. This is now a Proposed Standard. STANDARDS TRACK: This document specifies an Internet Standards Track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the Official Internet Protocol Standards (https://www.rfc-editor.org/standards) for the standardization state and status of this protocol. Distribution of this memo is unlimited. This announcement is sent to the IETF-Announce and rfc-dist lists. To subscribe or unsubscribe, see https://www.ietf.org/mailman/listinfo/ietf-announce https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist For searching the RFC series, see https://www.rfc-editor.org/search For downloading RFCs, see https://www.rfc-editor.org/rfc.html Requests for special distribution should be addressed to either the author of the RFC in question, or to rfc-editor@rfc-editor.org. Unless specifically noted otherwise on the RFC itself, all RFCs are for unlimited distribution. The RFC Editor Team Association Management Solutions, LLC
- [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple Authe… Hannes Tschofenig
- Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple A… Phil Hunt
- Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple A… Mike Jones
- Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple A… Torsten Lodderstedt
- Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple A… Bill Mills
- Re: [OAUTH-WG] RFC 7628 on A Set of Simple Authen… Justin Richer
- Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple A… Bill Mills