[OAUTH-WG] Assertion Draft: Text about Interoperability -- Today
"Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com> Fri, 18 January 2013 12:04 UTC
Return-Path: <hannes.tschofenig@nsn.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5578E21F88B2 for <oauth@ietfa.amsl.com>; Fri, 18 Jan 2013 04:04:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.599
X-Spam-Level:
X-Spam-Status: No, score=-106.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EN9YkJ7DmB1V for <oauth@ietfa.amsl.com>; Fri, 18 Jan 2013 04:04:39 -0800 (PST)
Received: from demumfd002.nsn-inter.net (demumfd002.nsn-inter.net [93.183.12.31]) by ietfa.amsl.com (Postfix) with ESMTP id 13AF721F84D8 for <oauth@ietf.org>; Fri, 18 Jan 2013 04:04:38 -0800 (PST)
Received: from demuprx017.emea.nsn-intra.net ([10.150.129.56]) by demumfd002.nsn-inter.net (8.12.11.20060308/8.12.11) with ESMTP id r0IC4Tld000881 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <oauth@ietf.org>; Fri, 18 Jan 2013 13:04:29 +0100
Received: from demuexc022.nsn-intra.net (demuexc022.nsn-intra.net [10.150.128.35]) by demuprx017.emea.nsn-intra.net (8.12.11.20060308/8.12.11) with ESMTP id r0IC4TSl030253 for <oauth@ietf.org>; Fri, 18 Jan 2013 13:04:29 +0100
Received: from FIESEXC035.nsn-intra.net ([10.159.0.25]) by demuexc022.nsn-intra.net with Microsoft SMTPSVC(6.0.3790.4675); Fri, 18 Jan 2013 13:04:28 +0100
x-mimeole: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Fri, 18 Jan 2013 14:04:28 +0200
Message-ID: <999913AB42CC9341B05A99BBF358718D02513229@FIESEXC035.nsn-intra.net>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Assertion Draft: Text about Interoperability -- Today
Thread-Index: Ac31c/ey/0oPxcEZTU2GjVm1VBYpaA==
From: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>
To: oauth@ietf.org
X-OriginalArrivalTime: 18 Jan 2013 12:04:28.0923 (UTC) FILETIME=[F7B104B0:01CDF573]
X-purgate-type: clean
X-purgate-Ad: Categorized by eleven eXpurgate (R) http://www.eleven.de
X-purgate: clean
X-purgate: This mail is considered clean (visit http://www.eleven.de for further information)
X-purgate-size: 2894
X-purgate-ID: 151667::1358510669-00003C02-1667706C/0-0/0-0
X-Mailman-Approved-At: Fri, 18 Jan 2013 04:06:16 -0800
Subject: [OAUTH-WG] Assertion Draft: Text about Interoperability -- Today
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Jan 2013 12:04:40 -0000
Hi all, As you have seen on the list (see http://www.ietf.org/mail-archive/web/oauth/current/msg10526.html) I had a chat with Mike about how to address my comment for the assertion draft and Mike kindly provided his text proposal (see http://www.ietf.org/mail-archive/web/oauth/current/msg10529.html). I have used his text as input and extended it a bit. Here is the updated text. ---- Operational Considerations and Interoperability Expectations This specification defines a framework for using assertions with OAuth 2.0. However, as an abstract framework on its own, this specification is not sufficient to produce interoperable implementations. Two other specifications that instantiate this framework have been developed, one uses SAML 2.0-based assertions and is described in [I-D.ietf-oauth-saml2-bearer] and the second builds on JSON Web Tokens (JWTs) and can be found in [I-D.ietf-oauth-jwt-bearer]. These two instantiations provide additional details about the assertion encoding and processing rules for those interested to implement and deploy assertions with OAuth 2.0. However, even with these instance documents an interoperable implementation is not possible since for a specific deployment environment (within a trust framework or circle of trust, as it is sometimes called) agreements about acceptable values for various fields in the specification have to be agreed upon. For example, the audience field needs to be populated by the entity that generates the assertion with a specific value and that value may hold identifiers of different types (for example, a URL, an IP address, an FQDN) and the entity receiving and verifying the assertion must compare the value in the audience field with other information it may obtain from the request and/or with locally available information. Since the abstract framework nor the instance documents provide sufficient information about the syntax, the semantic and the comparison operation of the audience field additional profiling in further specifications is needed for an interoperable implementation. This additional profiling is not only needed for the audience field but also for other fields as well. This framework was designed with the expectation that additional specifications will fill this gap for deployment-specific environments. ---- You have the choice: 1. take this as-is if you want the assertion draft (draft-ietf-oauth-assertions ) on the Jan 24 IESG telechat. There is no normative text in the writeup; it is rather a clarification. 2. discuss it if need be, and draft-ietf-oauth-assertions will be on the Feb 7 telechat (if the discussion is done by Feb 1) 1 or 2 needs to be chosen today. Ciao Hannes PS: FYI - draft-ietf-oauth-saml2-bearer and draft-ietf-oauth-jwt-bearer are not yet on the telechat agenda.
- [OAUTH-WG] Assertion Draft: Text about Interopera… Tschofenig, Hannes (NSN - FI/Espoo)
- Re: [OAUTH-WG] Assertion Draft: Text about Intero… Stephen Farrell
- Re: [OAUTH-WG] Assertion Draft: Text about Intero… Mike Jones
- Re: [OAUTH-WG] Assertion Draft: Text about Intero… Mike Jones
- Re: [OAUTH-WG] Assertion Draft: Text about Intero… Brian Campbell
- Re: [OAUTH-WG] Assertion Draft: Text about Intero… Chuck Mortimore
- Re: [OAUTH-WG] Assertion Draft: Text about Intero… John Bradley
- Re: [OAUTH-WG] Assertion Draft: Text about Intero… Hannes Tschofenig
- Re: [OAUTH-WG] Assertion Draft: Text about Intero… Stephen Farrell
- Re: [OAUTH-WG] Assertion Draft: Text about Intero… Mike Jones