[OAUTH-WG] Conclusion ... was 2nd Call for Adoption: Authentication Method Reference Values

Hannes Tschofenig <hannes.tschofenig@gmx.net> Thu, 10 March 2016 10:21 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 8398512D641 for <oauth@ietfa.amsl.com>; Thu, 10 Mar 2016 02:21:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.602
X-Spam-Status: No, score=-2.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id VeGKTnhhjGul for <oauth@ietfa.amsl.com>; Thu, 10 Mar 2016 02:21:35 -0800 (PST)
Received: from mout.gmx.net (mout.gmx.net []) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C9E6312D5C9 for <oauth@ietf.org>; Thu, 10 Mar 2016 02:21:34 -0800 (PST)
Received: from [] ([]) by mail.gmx.com (mrgmx102) with ESMTPSA (Nemesis) id 0MHrk1-1agz3e2pkj-003bEn for <oauth@ietf.org>; Thu, 10 Mar 2016 11:21:31 +0100
To: "oauth@ietf.org" <oauth@ietf.org>
References: <56C5C273.30406@gmx.net>
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Openpgp: id=071A97A9ECBADCA8E31E678554D9CEEF4D776BC9
Message-ID: <56E14AAA.2040203@gmx.net>
Date: Thu, 10 Mar 2016 11:21:30 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0
MIME-Version: 1.0
In-Reply-To: <56C5C273.30406@gmx.net>
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="KlSvXPbngCtKBpUUSdJ3fJMnAEB7qKIFO"
X-Provags-ID: V03:K0:3S8NAkX/yqZxD3cHeML75Rbr0EiYcMvS/YktvHlH3TUZT5+5UKD UQ7HlFau60gFFHmrB7UGOpgO6C0D3jWeYR3g4+4YMFWyDM8UpjMG1o6nuAttCw8OxFvaKKH gT2sZjNwPf9HZ/BP+SZanenqR5iYtyN8j/hdbKiPmd+bwBTvG2sOg60lu1YJLe7A1eSALez 1E/7r3dBoa0m9p5ZyqFAw==
X-UI-Out-Filterresults: notjunk:1;V01:K0:rZT/PTzuKRo=:TxyZ9YP669TFtC31kfw4fU Z/bMww/7ymf+GIKHG5UdkMQhG5LVzBkPkFafmZ7HFItD7ydMRNdDxm5PkzdP9ew7M1Y442cWP JUgWqr4IxNChnWCSNEd5CuhQ1iiUXS46TKIAtcDKPtMiL8+qWmiJD+1UIV1lqAeN3vVaQE3TW HO6June8BPbJrh6ZBygM65Lp9QM5/qohktv2R4DPA92E/o1eBMhOV2WP/x0QTKBa4Y1VOH0bI FU0ekKA1p/n6IzzIRXQjTRyJ7MJ//dAgORGAoQnaOOtxnM+/bmEOxnSw7kooTZQXpCGpW9ns8 Fr9STk2dxbu2+mwUmEUgmq9+S6ycc3Je5akQAoiROeeRNuH6rSHm4CjLqk6KAlH4a7FQn6MlC usqDrTESFsXHkW1kh6Awipp0qAZnydrnZW9Styn2oYgA+z94tniN1Rnbnic/ZmriCgWCc/yB9 fz/ZtXMTQHm3nE5SlO9jrIEkwQvBAaBTzuxi8GLXFbenXfk5xbugo6MCp6roLeK4bSCiwQNSo HPGDRxM2TssCvOs0Z9R16BR43//4+Y8w11e8Kox3yniwguNThSpiWqV8zUgr6bLP9F+EoBbgW HHl2rZX3WKEIgTNq2k2kFsQEwOqoTvy9RhjoD1yjDATON8JgF1QwprhviWy1ur7f7ALx0ZAI0 KVAcLGXhwAwC4nEJvKs8E7DjCa6nC4qr+BgVUDIp8+UV01MCiSKfLxhMbDSi1Tu1pZ0KrzF8W AZ69A8GBWFfdyhR8AEjmfIDCMA7q0yBuxzj+4fJTz4SPcUM6jROruvDcPkE=
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/qWzKMLx5fN_WcRF5FpzTx9jul6g>
Subject: [OAUTH-WG] Conclusion ... was 2nd Call for Adoption: Authentication Method Reference Values
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Mar 2016 10:21:37 -0000

Hi all,

we would like to conclude this call for adoption.

Based on the feedback we would believe that this document should become
a working group document and thereby a starting point for further work.

We do, however, take the feedback from Mike Schwartz serious. He raises
a good point regarding the reliability of the conveyed values when
different algorithms, and different processes are used by those making
the assertions. This needs to be addressed as part of operational
considerations in a future version of the document.

We also believe that the introduction needs to be extended to explain
the envisioned use case/scenarios (or call them architecture) for those
who had not been involved in this work from the beginning.

Hannes & Derek

On 02/18/2016 02:09 PM, Hannes Tschofenig wrote:
> In response to my message to the list regarding the initial call for
> adoption of the Authentication Method Reference Values draft, see
> https://www.ietf.org/mail-archive/web/oauth/current/msg15694.html, Mike
> submitted an updated version of the document to take raised concerns
> into account. Several working group participants responded positively to
> the new version.
> We would therefore like to issue a 2nd call for adoption of the recently
> submitted version -05:
> https://tools.ietf.org/html/draft-jones-oauth-amr-values-05
> Please let us know by March 3rd whether you accept / object to the
> adoption of this document as a starting point for work in the OAuth
> working group.
> Ciao
> Hannes & Derek
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth