Re: [OAUTH-WG] Assertion flow and token bootstrapping
Dick Hardt <dick.hardt@gmail.com> Mon, 07 June 2010 17:36 UTC
Return-Path: <dick.hardt@gmail.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D514B3A6B63 for <oauth@core3.amsl.com>; Mon, 7 Jun 2010 10:36:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.3
X-Spam-Level:
X-Spam-Status: No, score=-1.3 tagged_above=-999 required=5 tests=[AWL=1.300, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RUU7dXAdu3BW for <oauth@core3.amsl.com>; Mon, 7 Jun 2010 10:35:56 -0700 (PDT)
Received: from mail-pv0-f172.google.com (mail-pv0-f172.google.com [74.125.83.172]) by core3.amsl.com (Postfix) with ESMTP id 097913A6B80 for <oauth@ietf.org>; Mon, 7 Jun 2010 09:41:18 -0700 (PDT)
Received: by pvf33 with SMTP id 33so1788556pvf.31 for <oauth@ietf.org>; Mon, 07 Jun 2010 09:41:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:subject:mime-version :content-type:from:in-reply-to:date:cc:content-transfer-encoding :message-id:references:to:x-mailer; bh=zOlkHmTpWVMC515V+Qk8VYMfAN9nYwP6wZmHLXyQmvc=; b=uKjDmLqz655wlXYwXnhQ8XnEQ7tMILlMy1quufNaDSb63QYmsb5QuZ1DimlCRVwq8J 8mbnEQ4jKBZ647vtYRXHsg9YterQR4Zd+XNaHdKOf/sgtVzEpT+4sO66t3CYCPcjaSf1 kKXloOczKaUxu+qYfbdklqVV9RJwdJLzWTvHY=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=subject:mime-version:content-type:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to:x-mailer; b=YVBoz9Ent2b3ZU/OshrHF0uXRcguEzf86P4kX0J4+ZCvNcjB3cAYxxSwzCBH2qZAzM T/M/LIlT6QWvp5Rg08Bo5d8JgTZR7Mk1xPBPgD2FBhHe7LzS/WVHKfsgef1/Ep8u9253 l1C9BlcQE9jRYYlo0HiRTt5M+2wE0DPukeDas=
Received: by 10.141.15.8 with SMTP id s8mr12102356rvi.126.1275928875523; Mon, 07 Jun 2010 09:41:15 -0700 (PDT)
Received: from [10.0.1.18] ([24.130.32.55]) by mx.google.com with ESMTPS id b2sm4873422rvn.7.2010.06.07.09.41.13 (version=TLSv1/SSLv3 cipher=RC4-MD5); Mon, 07 Jun 2010 09:41:13 -0700 (PDT)
Mime-Version: 1.0 (Apple Message framework v1078)
Content-Type: text/plain; charset="us-ascii"
From: Dick Hardt <dick.hardt@gmail.com>
In-Reply-To: <DADD7EAD88AB484D8CCC328D40214CCD0179258E2E@EXPO10.exchange.mit.edu>
Date: Mon, 07 Jun 2010 09:41:11 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <D89CC49A-A0D2-40C9-A789-696D0FBE511B@gmail.com>
References: <AANLkTilYX46pz5qI67nrgYxB_Lf1tx8DZM9YYs-QuT9T@mail.gmail.com> <DADD7EAD88AB484D8CCC328D40214CCD0179258AC0@EXPO10.exchange.mit.edu> <AANLkTimc8tUKxMmm6yCk2Nd_sRQpd8nJbBUgOhUi9EIh@mail.gmail.com> <AANLkTilkKlU71vA5Gm5kwmbgsTsDmtw8xQfq_HrtgyrV@mail.gmail.com> <DADD7EAD88AB484D8CCC328D40214CCD0179258BA5@EXPO10.exchange.mit.edu> <4C07C84C.9070705@stpeter.im> <AANLkTimsii6OMCXzyeQczM-Yq9CB3klJweTQ_TL9P9qp@mail.gmail.com> <700AC043-9E28-491D-B3CD-789245E30EA9@pingidentity.com> <57FA7F56-ADC2-404A-950E-5D43FBDE75D9@facebook.com> <4C2E55D5-072B-4F08-A341-7405F2F1C944@gmail.com> <DADD7EAD88AB484D8CCC328D40214CCD0179258DC5@EXPO10.exchange.mit.edu> <77E0A4F9-9211-4E2A-B6A1-4E812192BA82@gmail.com> <DADD7EAD88AB484D8CCC328D40214CCD0179258E2E@EXPO10.exchange.mit.edu>
To: Thomas Hardjono <hardjono@MIT.EDU>
X-Mailer: Apple Mail (2.1078)
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Assertion flow and token bootstrapping
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Jun 2010 17:36:05 -0000
I would prefer to see it in the core spec. On 2010-06-07, at 7:32 AM, Thomas Hardjono wrote: > Thanks Dick. I was just kinda confused: if the Assertion Flow was already in the WRAP draft and now in the core spec (OAuth2.0-draft-05), what do we gain from separating it off again. > > /thomas/ > > __________________________________________ > > >> -----Original Message----- >> From: Dick Hardt [mailto:dick.hardt@gmail.com] >> Sent: Sunday, June 06, 2010 8:10 PM >> To: Thomas Hardjono >> Cc: oauth@ietf.org >> Subject: Re: [OAUTH-WG] Assertion flow and token bootstrapping >> >> I hope so. >> >> On 2010-06-06, at 3:22 PM, Thomas Hardjono wrote: >> >>> Apologies for another newbie question: is the design-intention underlying >> the Assertion Flow in OAuth2.0-draft-05 the same as that in the WRAP draft >> (draft-hardt-oauth-01)? >>> >>> /thomas/ >>> >>> __________________________________________ >>> >>>> -----Original Message----- >>>> From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of >>>> Dick Hardt >>>> Sent: Friday, June 04, 2010 9:59 PM >>>> To: Luke Shepard >>>> Cc: oauth@ietf.org >>>> Subject: Re: [OAUTH-WG] Assertion flow and token bootstrapping >>>> >>>> because we use it >>>> >>>> On 2010-06-04, at 6:40 PM, Luke Shepard wrote: >>>> >>>>> Why? >>>>> >>>>> On Jun 4, 2010, at 4:41 PM, Patrick Harding wrote: >>>>> >>>>>> +1 >>>>>> >>>>>> Sent from my iPhone >>>>>> >>>>>> On Jun 4, 2010, at 5:38 PM, Brian Campbell >>>>>> <bcampbell@pingidentity.com> wrote: >>>>>> >>>>>>> On Thu, Jun 3, 2010 at 9:20 AM, Peter Saint-Andre >>>>>>> <stpeter@stpeter.im> wrote: >>>>>>>> >>>>>>>> At least for the assertion flow, that's definitely true. At the >>>>>>>> interim >>>>>>>> meeting we had some discussion about perhaps pulling the assertion >>>>>>>> flow >>>>>>>> out of the base spec and into a separate document. Perhaps that's the >>>>>>>> best way to proceed. >>>>>>> >>>>>>> >>>>>>> I'd like to see the assertion flow remain in the base spec. >>>>>>> _______________________________________________ >>>>>>> OAuth mailing list >>>>>>> OAuth@ietf.org >>>>>>> https://www.ietf.org/mailman/listinfo/oauth >>>>>> _______________________________________________ >>>>>> OAuth mailing list >>>>>> OAuth@ietf.org >>>>>> https://www.ietf.org/mailman/listinfo/oauth >>>>> >>>>> _______________________________________________ >>>>> OAuth mailing list >>>>> OAuth@ietf.org >>>>> https://www.ietf.org/mailman/listinfo/oauth >>>> >>>> _______________________________________________ >>>> OAuth mailing list >>>> OAuth@ietf.org >>>> https://www.ietf.org/mailman/listinfo/oauth >
- [OAUTH-WG] Assertion flow and token bootstrapping Lisa Dusseault
- Re: [OAUTH-WG] Assertion flow and token bootstrap… Thomas Hardjono
- Re: [OAUTH-WG] Assertion flow and token bootstrap… Brian Campbell
- Re: [OAUTH-WG] Assertion flow and token bootstrap… Dick Hardt
- Re: [OAUTH-WG] Assertion flow and token bootstrap… Torsten Lodderstedt
- Re: [OAUTH-WG] Assertion flow and token bootstrap… Thomas Hardjono
- Re: [OAUTH-WG] Assertion flow and token bootstrap… Peter Saint-Andre
- Re: [OAUTH-WG] Assertion flow and token bootstrap… Paul Madsen
- Re: [OAUTH-WG] Assertion flow and token bootstrap… Dick Hardt
- Re: [OAUTH-WG] Assertion flow and token bootstrap… Dick Hardt
- Re: [OAUTH-WG] Assertion flow and token bootstrap… Brian Campbell
- Re: [OAUTH-WG] Assertion flow and token bootstrap… Torsten Lodderstedt
- Re: [OAUTH-WG] Assertion flow and token bootstrap… Patrick Harding
- Re: [OAUTH-WG] Assertion flow and token bootstrap… Luke Shepard
- Re: [OAUTH-WG] Assertion flow and token bootstrap… Dick Hardt
- Re: [OAUTH-WG] Assertion flow and token bootstrap… Thomas Hardjono
- Re: [OAUTH-WG] Assertion flow and token bootstrap… Dick Hardt
- Re: [OAUTH-WG] Assertion flow and token bootstrap… Thomas Hardjono
- Re: [OAUTH-WG] Assertion flow and token bootstrap… Dick Hardt
- Re: [OAUTH-WG] Assertion flow and token bootstrap… Eran Hammer-Lahav