Re: [OAUTH-WG] OAuth 2.0 for Native Apps: Call for Adoption Finalized

John Bradley <ve7jtb@ve7jtb.com> Fri, 05 February 2016 16:13 UTC

Return-Path: <ve7jtb@ve7jtb.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC21D1B3ADF for <oauth@ietfa.amsl.com>; Fri, 5 Feb 2016 08:13:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jJEG_-ef91tG for <oauth@ietfa.amsl.com>; Fri, 5 Feb 2016 08:13:43 -0800 (PST)
Received: from mail-qg0-x22d.google.com (mail-qg0-x22d.google.com [IPv6:2607:f8b0:400d:c04::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 223531B3AD8 for <oauth@ietf.org>; Fri, 5 Feb 2016 08:13:42 -0800 (PST)
Received: by mail-qg0-x22d.google.com with SMTP id b35so70801786qge.0 for <oauth@ietf.org>; Fri, 05 Feb 2016 08:13:42 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ve7jtb-com.20150623.gappssmtp.com; s=20150623; h=content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=hLfP22GllCD1Kuq5/Vnic20v743Tp7WWUgEde54jfkE=; b=PAPjjMULXKwMfxmAGhJoT1o5FUvOM5QEcs12bYsweFb/qlB4ROBSumO7m2iKAXsbpY R7VfGhPrloeb/B5oe3+ZeO6xh/HgcREQBWiKCfimcY50fj7sy1d/zTv0IX34fMij8s8u iJCVV4pviPoH4Nh47Xc9VGoku8bFtsFjW4EJBn0Ju177BiKUmN8Kidzqg3GUIExhRKK1 o6vDNPgAbjQ1zd33+s4z+ktef3oFCjvt0kf3n2U4Su38Rz9q8/b1MmuSnrg0+FQrtanl oxyH6l3IWh/vOCnCDe+Q7pkAqajHB1zZhCjY0YWUWsyY1PNwXH6K7cDjkbYE4wxChQAp NltQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:message-id:references:to; bh=hLfP22GllCD1Kuq5/Vnic20v743Tp7WWUgEde54jfkE=; b=FEBe2SrceaLhM3KmhvSh1RqVOC0z4I5w6Xg6sbxVtkzhprgSU7dwbCB0TOq9wQU2vb CXzz/idbnvM0lSC9ORHh9TjsGxTLtlftYi372lbUAPGtYrVJ65sMZBdEiR5uLyrBog9V IZvrsxmcApPzAW2JT2rTeu4CapthnTAzixNrYjZJLax21GzVFvNADQtbq9A3LWoIZII+ LvmpDkp1IfGUVGXNWMJitMuKXKMEZ6D65meL7v1l8e9aluDAcqc89csRlzbkD2chA2nU vqIeEuCKEHa7YxrbrYPwmrAYmLtMNcUgSqtYAgjs+py+dLCXZ2uigET+3LedjrOPwClb SjWg==
X-Gm-Message-State: AG10YOTOiW2jfyVvLa2qgm340TNSEX79hHpTGACHWjN/UdHd9aJhDXCFW0DyOrIkxkQCZA==
X-Received: by 10.140.93.65 with SMTP id c59mr8430568qge.101.1454688822057; Fri, 05 Feb 2016 08:13:42 -0800 (PST)
Received: from [192.168.8.100] ([181.202.92.39]) by smtp.gmail.com with ESMTPSA id e34sm8103477qga.4.2016.02.05.08.13.40 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 05 Feb 2016 08:13:41 -0800 (PST)
Content-Type: multipart/alternative; boundary="Apple-Mail=_0A44E740-759B-4FDF-9B63-D01178289306"
Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\))
From: John Bradley <ve7jtb@ve7jtb.com>
In-Reply-To: <CAOahYUxSMopc0hoXG8ocMk+p1b__NqapuztuHiWchpYRQqvP2w@mail.gmail.com>
Date: Fri, 5 Feb 2016 13:13:37 -0300
Message-Id: <9DC45CB4-07D8-4F17-8311-02AD60521379@ve7jtb.com>
References: <56B3A400.2080606@gmx.net> <62D1E1DB-17A4-4ABD-81F3-8659F40D7E88@mit.edu> <CAOahYUxSMopc0hoXG8ocMk+p1b__NqapuztuHiWchpYRQqvP2w@mail.gmail.com>
To: Adam Lewis <adam.lewis@motorolasolutions.com>
X-Mailer: Apple Mail (2.3112)
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/vOGjkg6F7Yy1H6yrrPfGQt6T8co>
Cc: "<oauth@ietf.org>" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] OAuth 2.0 for Native Apps: Call for Adoption Finalized
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Feb 2016 16:13:45 -0000

The chairs approved this as a working group document.

The initial version I posted is marked as an intended status as a "Best Current Practice”

The advantage of a BCP is that it can be updated to include new information as things change.

The spec has no extensions to OAuth 2 or MUST’s to profile it.  

Like the TLS BCP it provides implementation advice for developers to safely use the “Standards Track” specifications.

If that is the wrong intended Category it can be changed by the WG chairs at any time.

Thanks for supporting the document.  I hope that we can expand it with more specific advice for developers on native platforms
beyond just iOS and Android.   However what we can do will depend on people with experience in other platforms contributing.

Regards
John B.


> On Feb 5, 2016, at 12:10 PM, Adam Lewis <adam.lewis@motorolasolutions.com> wrote:
> 
> +1 that it should be Informational.
> 
> Also, I never got to respond to the original request, but I am heavily in favor of this draft. I talk with a lot of native app developers who are clueless about how to implement OAuth.  The core RFC is very web app oriented.  I look forward to having a more profiled RFC to point them to :-)
> 
> adam
> 
> On Thu, Feb 4, 2016 at 7:13 PM, Justin Richer <jricher@mit.edu <mailto:jricher@mit.edu>> wrote:
> I’d like to note that when Tony brought up it being Experimental on the list, several of us (myself included) pointed out that Informational is the correct designation for this specification.
> 
>  — Justin
> 
> > On Feb 4, 2016, at 2:18 PM, Hannes Tschofenig <hannes.tschofenig@gmx.net <mailto:hannes.tschofenig@gmx.net>> wrote:
> >
> > Hi all,
> >
> > On January 19th I posted a call for adoption of the OAuth 2.0 for Native
> > Apps specification, see
> > http://www.ietf.org/mail-archive/web/oauth/current/msg15400.html <http://www.ietf.org/mail-archive/web/oauth/current/msg15400.html>
> >
> > There was very positive feedback during the Yokohama IETF meeting to
> > work on this document in the OAuth working group. More than 10 persons
> > responded positively to the call on the mailing list as well.
> >
> > Several persons provided additional input for content changes during the
> > call and here are the relevant links:
> > http://www.ietf.org/mail-archive/web/oauth/current/msg15434.html <http://www.ietf.org/mail-archive/web/oauth/current/msg15434.html>
> > http://www.ietf.org/mail-archive/web/oauth/current/msg15435.html <http://www.ietf.org/mail-archive/web/oauth/current/msg15435.html>
> > http://www.ietf.org/mail-archive/web/oauth/current/msg15438.html <http://www.ietf.org/mail-archive/web/oauth/current/msg15438.html>
> >
> > Tony also noted that this document should become an Experimental RFC
> > rather than a Standards Track RFC. The chairs will consult with the
> > Security Area directors on this issue.
> >
> > To conclude, based on the call <draft-wdenniss-oauth-native-apps> will
> > become the starting point for work in OAuth. Please submit the document
> > as draft-ietf-oauth-native-apps-00.txt.
> >
> > Ciao
> > Hannes & Derek
> >
> >
> >
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org <mailto:OAuth@ietf.org>
> > https://www.ietf.org/mailman/listinfo/oauth <https://www.ietf.org/mailman/listinfo/oauth>
> 
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org <mailto:OAuth@ietf.org>
> https://www.ietf.org/mailman/listinfo/oauth <https://www.ietf.org/mailman/listinfo/oauth>
> 
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth