IETF Logo Mail Archive

Re: [OAUTH-WG] December 27, 2012 OAuth Release

William Mills <wmills_92105@yahoo.com> Sat, 29 December 2012 02:06 UTC

Return-Path: <wmills_92105@yahoo.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E9B6F21F8D3F for <oauth@ietfa.amsl.com>; Fri, 28 Dec 2012 18:06:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.996
X-Spam-Level:
X-Spam-Status: No, score=-0.996 tagged_above=-999 required=5 tests=[AWL=-0.998, BAYES_50=0.001, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r8cXpa5R-8vY for <oauth@ietfa.amsl.com>; Fri, 28 Dec 2012 18:06:37 -0800 (PST)
Received: from nm30-vm0.bullet.mail.bf1.yahoo.com (nm30-vm0.bullet.mail.bf1.yahoo.com [98.139.213.126]) by ietfa.amsl.com (Postfix) with ESMTP id 8D60F21F8D32 for <oauth@ietf.org>; Fri, 28 Dec 2012 18:06:36 -0800 (PST)
Received: from [98.139.212.152] by nm30.bullet.mail.bf1.yahoo.com with NNFMP; 29 Dec 2012 02:06:35 -0000
Received: from [98.139.212.235] by tm9.bullet.mail.bf1.yahoo.com with NNFMP; 29 Dec 2012 02:06:35 -0000
Received: from [127.0.0.1] by omp1044.mail.bf1.yahoo.com with NNFMP; 29 Dec 2012 02:06:35 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 760317.77400.bm@omp1044.mail.bf1.yahoo.com
Received: (qmail 68544 invoked by uid 60001); 29 Dec 2012 02:06:35 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1356746795; bh=Lau5GAGnChRNiBSh3hGDMRJc2a3E4IvpR21PfLJkY7Y=; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=IMMf1Z9gb/T98bEFTKucvbNwRALAvyIa2nfz8iuJQVs7xG5Tmt/bYOBWu7AeGHAueVxoTfOZ/2wSbbbj5BtXqeZfZ2AmOKDldDC2mBAlMPWqC0IK0vNCxSbJtzQE4fhdQr1ksA1ww3fhEtMddNc2e+Vv48h3AwjWlonAUbAbXVU=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=ZotbYO/2+KInj6ihQ6zdaY8u6eWMTQ0HTtOl9X5OwzQYAbUQ92VFVQaDsZ+nHZVQJJfv0moBBaRbVpLQOYxz/oeJSysAoX+BRfT34PMGWu/As/lbjYEmDoUxWcclyz5ig6h59YyHZMMp0nNpQCDSy2zd7k2JRy/i9Y0FUwKP32U=;
X-YMail-OSG: TQHNOoYVM1n1hJ3z5.R68qkGtJgn9MI4iuCgQMV_AEUHrex HGxXSgg5CiRJpgA8f9uLK9UI36A2M1ZZg68idLsf_qz3UHcJZ5Z60eSxQ2KT oOH5h8pnomK7Jt1dpy94mEEpdOF9aAY5LIBuDWKLBUZwbBrMhzwtJoolsiXl T6SC.sC6w9OA3zuPTOt2Vw4PVxMZYlpnrET4DTs_Mgxpm2aViOGkefBWT_B0 JH8gfRkRuD7RkIvFBL52YFFoLK6v62PN5gEYs8FkgtPWj6vPpBoZTn6wnyK6 HaJp8WzFQ1BGRLgtJa4764cFH.wDhNp1nQp9asvUREJuUzeKcFpQ8DRWXt7e zmKYeuTctBHhiAvu2pFlk8sZxhHafO5Iv2qWlx9xbSfScGCp_AGQWHQBTTFC BbgDOaSkkjDRm3cbiL_55mQk8447GDuMxGlCyfjubZ_Mt5XXXo2LI6zoSXAa QMrGQVyJRp82WGP6jmZCrM7xUnkkowjDYxbaJ3Vchplvcqe7LVe4PrgyyVVa LSQdYOV2dF3f8d24ote4-
Received: from [99.31.212.42] by web31807.mail.mud.yahoo.com via HTTP; Fri, 28 Dec 2012 18:06:34 PST
X-Rocket-MIMEInfo: 001.001, TWlrZSwKCkkndmUgcmVhZCB0aHJvdWdoIHRoZSBKV1Qgc3BlYyBhbmQgSSdtIGN1cmlvdXMgYWJvdXQgc29tZXRoaW5nLiDCoEhvdyBkbyBJIHNwZWNpZnkgYSBzaWduYXR1cmUgcmVxdWlyZW1lbnQgYXMgdGhlIHNlcnZlcj8gwqBJIGRpZG4ndCBzZWUgaXQgYnV0IEkgcHJvYmFibHkganVzdCBtaXNzZWQgaXQuIMKgSSdtIHRoaW5raW5nIHRoYXQgd2l0aCB2ZXJ5IGxpdHRsZSB3b3JrIGEgSldUIGNhbiBkbyBldmVyeXRoaW5nIHRoYXQgTUFDIGRvZXMgd2l0aCBncmVhdGVyIGZsZXhpYmlsaXR5LCAqQlVUKiABMAEBAQE-
X-Mailer: YahooMailWebService/0.8.129.483
References: <4E1F6AAD24975D4BA5B1680429673943669B0A1E@TK5EX14MBXC283.redmond.corp.microsoft.com>
Message-ID: <1356746794.51868.YahooMailNeo@web31807.mail.mud.yahoo.com>
Date: Fri, 28 Dec 2012 18:06:34 -0800
From: William Mills <wmills_92105@yahoo.com>
To: Mike Jones <Michael.Jones@microsoft.com>, "oauth@ietf.org" <oauth@ietf.org>
In-Reply-To: <4E1F6AAD24975D4BA5B1680429673943669B0A1E@TK5EX14MBXC283.redmond.corp.microsoft.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-125733401-346383595-1356746794=:51868"
Subject: Re: [OAUTH-WG] December 27, 2012 OAuth Release
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills_92105@yahoo.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 Dec 2012 02:06:38 -0000

Mike,

I've read through the JWT spec and I'm curious about something.  How do I specify a signature requirement as the server?  I didn't see it but I probably just missed it.  I'm thinking that with very little work a JWT can do everything that MAC does with greater flexibility, *BUT* the server needs to be able to require a signed usage.  Something I never liked about OAuth 1.0 is that the server must support all valid signature types, even PLAINTEXT, so I want to be able to avoid that.

It would require the client to be able to include client generated stuff in the JWT.

Thanks,

-bill

v2.23.0 | Report a Bug | By Email