Re: [oauth] OAUTH Charter Proposal
Krishna Sankar <ksankar@gte.net> Sat, 31 January 2009 04:43 UTC
Return-Path: <oauth-bounces@ietf.org>
X-Original-To: oauth-archive@ietf.org
Delivered-To: ietfarch-oauth-archive@core3.amsl.com
Received: from [127.0.0.1] (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3FB893A68A1; Fri, 30 Jan 2009 20:43:32 -0800 (PST)
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6D16D3A685F for <oauth@core3.amsl.com>; Fri, 30 Jan 2009 20:43:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bSNk+2K3kvhx for <oauth@core3.amsl.com>; Fri, 30 Jan 2009 20:43:30 -0800 (PST)
Received: from vms173019pub.verizon.net (vms173019pub.verizon.net [206.46.173.19]) by core3.amsl.com (Postfix) with ESMTP id 456F03A679C for <oauth@ietf.org>; Fri, 30 Jan 2009 20:43:30 -0800 (PST)
Received: from [192.168.1.66] ([71.146.5.160]) by vms173019.mailsrvcs.net (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008; 32bit)) with ESMTPA id <0KEB00382JRBPLG2@vms173019.mailsrvcs.net> for oauth@ietf.org; Fri, 30 Jan 2009 22:42:48 -0600 (CST)
Message-id: <4983D6C7.8070201@gte.net>
Date: Fri, 30 Jan 2009 20:42:47 -0800
From: Krishna Sankar <ksankar@gte.net>
User-Agent: Thunderbird 2.0.0.19 (Macintosh/20081209)
MIME-version: 1.0
To: Eran Hammer-Lahav <eran@hueniverse.com>
References: <C5A8C0A3.11CC5%eran@hueniverse.com>
In-reply-to: <C5A8C0A3.11CC5%eran@hueniverse.com>
Cc: Hannes Tschofenig <Hannes.Tschofenig@gmx.net>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [oauth] OAUTH Charter Proposal
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Oauth bof discussion <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Sender: oauth-bounces@ietf.org
Errors-To: oauth-bounces@ietf.org
+1. We bounded with enough flexibility. Should we mention anything about extensions or any extensibility framework ? Cheers <k/> Eran Hammer-Lahav wrote: > I like the proposed charter. I think it offers enough flexibility for > changes while maintaining the spirit and framework of the OAuth Core > 1.0 spec. > > EHL > > > On 1/30/09 2:32 PM, "Hannes Tschofenig" <Hannes.Tschofenig@gmx.net> wrote: > > We need a couple of folks agreeing the charter proposals. > > Next, there is the question whether a meeting slot at the next > IETF meeting > (in San Francisco) should be requested (e.g., in the form of a > BOF). This > would give some discussion time for the details of the BOF or if > everyone > likes the charter till then already one could disuss the technical > details > instead. > > The Area Directors are then requested to charter a working group. They > discuss it within the IESG and get feedback from the IAB. They > also need to > find chairs for the group. > > Ciao > Hannes > > >-----Original Message----- > >From: Blaine Cook [mailto:romeda@gmail.com] > >Sent: 30 January, 2009 21:04 > >To: Hannes Tschofenig > >Cc: oauth@ietf.org > >Subject: Re: [oauth] OAUTH Charter Proposal > > > >+1. This looks awesome, thanks Hannes. What are the next steps? My > >understanding is that first we need some kind of consensus on > >this charter, and then ?? > > > >b. > > > >On Fri, Jan 30, 2009 at 5:55 PM, Hannes Tschofenig > ><Hannes.Tschofenig@gmx.net> wrote: > >> Hi all, > >> > >> After a chat with Lisa I got in touch with Eran to slightly > >revise the > >> charter text that Sam and Mark put together for the last > >IETF meeting. > >> > >> It should addresses some of the comments provided during the > >BOF. Your > >> feedback is welcome. > >> > >> Ciao > >> Hannes > >> > >> ------------------------------------- > >> > >> Open Authentication Protocol (oauth) > >> > >> Last Modified: 2009-01-30 > >> > >> Chair(s): > >> > >> TBD > >> > >> Applications Area Director(s): > >> > >> Chris Newman <chris.newman@sun.com> > >> Lisa Dusseault <lisa@osafoundation.org> > >> > >> Applications Area Advisor: > >> > >> TBD > >> > >> Mailing Lists: > >> > >> https://www.ietf.org/mailman/listinfo/oauth > >> > >> Description of Working Group: > >> > >> OAuth allows a user to grant a third-party Web site or application > >> access to their resources, without revealing their credentials, or > >> even their identity. For example, a photo-sharing site that supports > >> OAuth would allow its users to use a third-party printing > >Web site to > >> access their private pictures, without gaining full control > >of the user account. > >> > >> OAuth consist of: > >> * A mechanism for exchanging a user's credentials for a > >token-secret > >> pair which can be used by a third party to access resources on their > >> behalf > >> * A mechanism for signing HTTP requests with the token-secret pair > >> > >> The Working Group will produce one or more documents suitable for > >> consideration as Proposed Standard, based upon the OAuth > >I-D, that will: > >> * Align OAuth with the Internet and Web architectures, best > >practices > >> and terminology > >> * Assure good security practice, or document gaps in its > >capabilities > >> * Promote interoperability > >> > >> This specifically means that as a starting point for the > >working group > >> the OAuth 1.0 specification is used and the available > >extension points > >> are going to be utilized. It seems desireable to profile > >OAuth 1.0 in > >> a way that produces a specification that is a backwards compatible > >> profile, i.e. any OAUTH 1.0 and the specification produced by this > >> group must support a basic set of features to guarantee > >> interoperability. > >> > >> Furthermore, Oauth 1.0 defines three signature methods used > >to protect > >> requests, namely PLAINTEXT, HMAC-SHA1, and RSA-SHA1. The group will > >> work on new signature methods in case the existing mechanisms do not > >> fulfill the security requirements. Existing signature > >methods will not > >> be modified but may be dropped as part of the backwards > >compatible profiling activity. > >> > >> In doing so, it should consider: > >> * Implementer experience > >> * Existing uses of OAuth > >> * Ability to achieve broad impementation > >> * Ability to address broader use cases than may be contemplated by > >> the original authors > >> * Impact on the Internet and Web > >> > >> The Working Group is not tasked with defining a generally applicable > >> HTTP Authentication mechanism (i.e., browser-based "2-leg" > >scenerio), > >> and should consider this work out of scope in its discussions. > >> However, if the deliverables are able to be factored in such a way > >> that this is a byproduct, or such a scenario could be addressed by > >> additional future work, the Working Group may choose to do so. > >> > >> After delivering OAuth, the Working Group MAY consider defining > >> additional functions and/or extensions, for example (but not limited > >> to): > >> * Discovery of authentication configuration > >> * Message integrity > >> * Recommendations regarding the structure of the token > >> > >> Goals and Milestones: > >> > >> 12/2009 Submit document(s) suitable for publication as > >standards-track > >> RFCs. > >> > >> _______________________________________________ > >> oauth mailing list > >> oauth@ietf.org > >> https://www.ietf.org/mailman/listinfo/oauth > >> > > > > _______________________________________________ > oauth mailing list > oauth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > ------------------------------------------------------------------------ > > _______________________________________________ > oauth mailing list > oauth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > _______________________________________________ oauth mailing list oauth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
- Re: [oauth] OAUTH Charter Proposal James Aylett
- [oauth] OAUTH Charter Proposal Hannes Tschofenig
- Re: [oauth] OAUTH Charter Proposal Blaine Cook
- Re: [oauth] OAUTH Charter Proposal Hannes Tschofenig
- Re: [oauth] OAUTH Charter Proposal Eran Hammer-Lahav
- Re: [oauth] OAUTH Charter Proposal Krishna Sankar
- Re: [oauth] OAUTH Charter Proposal Hannes Tschofenig
- Re: [oauth] OAUTH Charter Proposal Krishna Sankar
- Re: [oauth] OAUTH Charter Proposal Hannes Tschofenig
- Re: [oauth] OAUTH Charter Proposal Krishna Sankar
- Re: [oauth] OAUTH Charter Proposal Chris Messina
- Re: [oauth] OAUTH Charter Proposal Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [oauth] OAUTH Charter Proposal Chris Messina
- Re: [oauth] OAUTH Charter Proposal Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [oauth] OAUTH Charter Proposal George Fletcher
- Re: [oauth] OAUTH Charter Proposal Hubert Le Van Gong
- Re: [oauth] OAUTH Charter Proposal Hannes Tschofenig
- Re: [oauth] OAUTH Charter Proposal Hannes Tschofenig
- Re: [oauth] OAUTH Charter Proposal Hubert Le Van Gong
- Re: [oauth] OAUTH Charter Proposal Eran Hammer-Lahav
- Re: [oauth] OAUTH Charter Proposal Blaine Cook
- Re: [oauth] OAUTH Charter Proposal Eran Hammer-Lahav
- Re: [oauth] OAUTH Charter Proposal kellan
- Re: [oauth] OAUTH Charter Proposal John Kemp
- Re: [oauth] OAUTH Charter Proposal Blaine Cook
- Re: [oauth] OAUTH Charter Proposal George Fletcher
- Re: [oauth] OAUTH Charter Proposal Lisa Dusseault
- Re: [oauth] OAUTH Charter Proposal Eran Hammer-Lahav
- Re: [oauth] OAUTH Charter Proposal Hallam-Baker, Phillip
- Re: [oauth] OAUTH Charter Proposal Bill de hOra
- Re: [oauth] OAUTH Charter Proposal Joseph A Holsten
- Re: [oauth] OAUTH Charter Proposal Hannes Tschofenig