[OAUTH-WG] Distributed OAuth interim meeting summary

Rifaat Shekh-Yusef <rifaat.ietf@gmail.com> Tue, 16 January 2018 16:07 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/uLgIruL0F0lG_ULwVSea32MoPuM>

Dick presented the attached Distributed OAuth slides, which are the same
slides he presented during the IETF meeting in Singapore.

Eve presented the attached UMA slides, which seems to have a wider scope
that covers Federation of AS servers, but shares some of what is in the
Distributed OAuth draft.


The team then discussed the scope of the authorization: *host level* vs
*granular*.

It seems that there is a disagreement on the proper authorization scope,
and that there are a few other documents that discuss this same idea that
need to be taken into consideration:

* OAuth Response Metadata
https://tools.ietf.org/html/draft-sakimura-oauth-meta-08
* Resource Indicators for OAuth 2.0
https://tools.ietf.org/html/draft-campbell-oauth-resource-indicators-02
* OAuth 2.0: Audience Information
https://tools.ietf.org/html/draft-tschofenig-oauth-audience-00


The decision is to continue the discussion on the mailing list, and take
into consideration the UMA solution and the above drafts.

We might schedule another interim meeting to continue that discussion to
try to come to a decision on the way forward before London.

Regards,
 Rifaat