Re: [OAUTH-WG] AD review of -22
Justin Richer <jricher@mitre.org> Wed, 02 November 2011 20:27 UTC
Return-Path: <jricher@mitre.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B6E681F0CCD for <oauth@ietfa.amsl.com>; Wed, 2 Nov 2011 13:27:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CkbWc0fUQHM9 for <oauth@ietfa.amsl.com>; Wed, 2 Nov 2011 13:27:52 -0700 (PDT)
Received: from smtpksrv1.mitre.org (smtpksrv1.mitre.org [198.49.146.77]) by ietfa.amsl.com (Postfix) with ESMTP id C36271F0CCC for <oauth@ietf.org>; Wed, 2 Nov 2011 13:27:52 -0700 (PDT)
Received: from smtpksrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 25D1521B0B99; Wed, 2 Nov 2011 16:27:52 -0400 (EDT)
Received: from IMCCAS01.MITRE.ORG (imccas01.mitre.org [129.83.29.78]) by smtpksrv1.mitre.org (Postfix) with ESMTP id 1F33921B012A; Wed, 2 Nov 2011 16:27:52 -0400 (EDT)
Received: from [129.83.50.1] (129.83.31.55) by IMCCAS01.MITRE.ORG (129.83.29.78) with Microsoft SMTP Server (TLS) id 14.1.339.1; Wed, 2 Nov 2011 16:27:51 -0400
Message-ID: <1320265663.15549.13.camel@ground>
From: Justin Richer <jricher@mitre.org>
To: Phil Hunt <phil.hunt@oracle.com>
Date: Wed, 02 Nov 2011 16:27:43 -0400
In-Reply-To: <91476515-F5FF-49B6-B44A-55E5B48D7632@oracle.com>
References: <4E971C36.7050000@cs.tcd.ie> <4EB19DD1.6050904@lodderstedt.net> <5E3E5DFE-C122-4D89-9578-61A6C16EBD76@ve7jtb.com> <91476515-F5FF-49B6-B44A-55E5B48D7632@oracle.com>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.2.1-
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] AD review of -22
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Nov 2011 20:27:53 -0000
+1 Leave the current text as is, keep this part of OAuth token-type agnostic. -- Justin On Wed, 2011-11-02 at 13:18 -0700, Phil Hunt wrote: > +1 > > > Phil > > > @independentid > www.independentid.com > phil.hunt@oracle.com > > > > > > > > > On 2011-11-02, at 1:06 PM, John Bradley wrote: > > > +1 > > On 2011-11-02, at 4:45 PM, Torsten Lodderstedt wrote: > > > > > Hi Stephen, > > > > > > I'm concerned about your proposal (7) to make support for MAC a > > > MUST for clients and BEARER a MAY only. In my opinion, this does > > > not reflect the group's consensus. Beside this, the security > > > threat analysis justifies usage of BEARER for nearly all use cases > > > as long as HTTPS (incl. server authentication) can be utilized. > > > regards, > > > Torsten. > > > > > > Am 13.10.2011 19:13, schrieb Stephen Farrell: > > > > > > > > Hi all, > > > > > > > > Sorry for having been quite slow with this, but I had a bunch > > > > of travel recently. > > > > > > > > Anyway, my AD comments on -22 are attached. I think that the > > > > first list has the ones that need some change before we push > > > > this out for IETF LC, there might or might not be something > > > > to change as a result of the 2nd list of questions and the > > > > rest are really nits can be handled either now or later. > > > > > > > > Thanks for all your work on this so far - its nearly there > > > > IMO and we should be able to get the IETF LC started once > > > > these few things are dealt with. > > > > > > > > Cheers, > > > > S. > > > > > > > > > > > > > > > > _______________________________________________ > > > > OAuth mailing list > > > > OAuth@ietf.org > > > > https://www.ietf.org/mailman/listinfo/oauth > > > _______________________________________________ > > > OAuth mailing list > > > OAuth@ietf.org > > > https://www.ietf.org/mailman/listinfo/oauth > > > > > > _______________________________________________ > > OAuth mailing list > > OAuth@ietf.org > > https://www.ietf.org/mailman/listinfo/oauth > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] AD review of -22 Stephen Farrell
- Re: [OAUTH-WG] AD review of -22 Eran Hammer-Lahav
- Re: [OAUTH-WG] AD review of -22 Torsten Lodderstedt
- Re: [OAUTH-WG] AD review of -22 John Bradley
- Re: [OAUTH-WG] AD review of -22 Eran Hammer-Lahav
- Re: [OAUTH-WG] AD review of -22 Phil Hunt
- Re: [OAUTH-WG] AD review of -22 Justin Richer
- Re: [OAUTH-WG] AD review of -22 Stephen Farrell
- Re: [OAUTH-WG] AD review of -22 Mike Jones
- Re: [OAUTH-WG] AD review of -22 Stephen Farrell
- Re: [OAUTH-WG] AD review of -22 John Bradley
- Re: [OAUTH-WG] AD review of -22 Phillip Hunt
- Re: [OAUTH-WG] AD review of -22 Stephen Farrell
- Re: [OAUTH-WG] AD review of -22 Torsten Lodderstedt
- Re: [OAUTH-WG] AD review of -22 Eran Hammer-Lahav
- Re: [OAUTH-WG] AD review of -22 John Bradley
- Re: [OAUTH-WG] AD review of -22 André DeMarre
- Re: [OAUTH-WG] AD review of -22 William Mills
- Re: [OAUTH-WG] AD review of -22 Justin Richer
- Re: [OAUTH-WG] AD review of -22 Eran Hammer-Lahav
- Re: [OAUTH-WG] AD review of -22 Phil Hunt
- Re: [OAUTH-WG] AD review of -22 Michael Thomas
- Re: [OAUTH-WG] AD review of -22 William Mills