Re: [OAUTH-WG] Next steps on the OAuth Assertion Drafts

Mike Jones <Michael.Jones@microsoft.com> Thu, 19 September 2013 14:49 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Brian Campbell <bcampbell@pingidentity.com>, "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>
Date: Thu, 19 Sep 2013 14:48:39 +0000
Cc: "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Next steps on the OAuth Assertion Drafts

I also think that the text is already there and these specs are ready to progress as-is.  If anyone disagrees, please let us know what text needs to be changed or added.

				-- Mike

-----Original Message-----
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Brian Campbell
Sent: Tuesday, September 10, 2013 11:38 AM
To: Tschofenig, Hannes (NSN - FI/Espoo)
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Next steps on the OAuth Assertion Drafts

Regarding the second item about additional SAML related text - such text already exists in the document in §5 [quoted and linked below].
It's unclear to me what else is being asked for here?

I'd like to request that some specific and concrete text be proposed, if anyone believes the current wording is insufficient.


from tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-17#section-5
"5.  Interoperability Considerations

   Agreement between system entities regarding identifiers, keys, and
   endpoints is required in order to achieve interoperable deployments
   of this profile.  Specific items that require agreement are as
   follows: values for the issuer and audience identifiers, the location
   of the token endpoint, and the key used to apply and verify the
   digital signature over the assertion.  The exchange of such
   information is explicitly out of scope for this specification and
   typical deployment of it will be done alongside existing SAML Web SSO
   deployments that have already established a means of exchanging such
   information.  Metadata for the OASIS Security Assertion Markup
   Language (SAML) V2.0 [OASIS.saml-metadata-2.0-os] is one common
   method of exchanging SAML related information about system entities."

Thanks,
Brian

On Tue, Sep 10, 2013 at 8:26 AM, Tschofenig, Hannes (NSN - FI/Espoo) <hannes.tschofenig@nsn.com> wrote:
> Hi all,
>
> I am trying to wrap up the assertion documents and I took a look at the meeting minutes from the Berlin IETF meeting and the actions are as follows:
>
> ** John & Torsten: Please post your document review to the list.
>
> ** Authors of draft-ietf-oauth-saml2-bearer: Please provide the additional SAML related text (as discussed during the meeting) and submit an updated document.
>
> Ciao
> Hannes
>
> ------- copy from the minutes --------
>
> * Assertions (BC)
>  https://datatracker.ietf.org/doc/draft-ietf-oauth-assertions/
>  https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-bearer/
>  https://datatracker.ietf.org/doc/draft-ietf-oauth-saml2-bearer/
>
>     - WGLC ends by 8/8
>     - BL on WGLC comments: talked to MJ about how to achieve interop.
>     - BL: describe how you could combine specifications to make at least one interoperable specification
>     - MJ: profiles exists for both SAML and OpenIDC. those are not IETF specifications though
>     - BL: ok to point to external doc from either of the I-Ds in question
>     - MJ: very achievable
>     - BL: all should go to the IESG at the same time to establish context
>     - PHO: is this for the IESG benefit or for future developers
>     - BL: the latter
>     - PHO: talk to Heather Flanagan or the IANA - they have talked about having long-term access to external documents
>     - BL: ok will consider that - or we can copy text into WG wiki
>     - BC: interop does not require external profiles actually
>     - TL: same experience at DT with the JSON-based assertion format - no addl profiles are needed
>     - MJ: a SAML deployment needs agreement on certain SAML-specific conventions - this is what BL is referring to
>     - BC: right
>     - TN: so just refer to the SAML specs
>     - BL: maybe enough
>     - JB and TL volunteered to make a review.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
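The interoperability items Brian quotes from section 5 (an agreed issuer identifier, an agreed audience value that names the token endpoint, and an agreed signing key) are exactly what an authorization server has to enforce before it accepts a bearer assertion. The following is an added example, not code from the thread or from either draft: it models that out-of-band agreement for the sibling JWT bearer profile using an HS256 MAC from the Python standard library, since a full SAML XML-signature verifier does not fit here. The AGREEMENT dictionary, its URLs and the key are constructed values.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed stand-in for the out-of-band agreement between the assertion
# issuer and the authorization server; every value here is hypothetical.
AGREEMENT = {
    "issuer": "https://idp.example.org",               # agreed issuer identifier
    "token_endpoint": "https://as.example.com/token",  # agreed audience value
    "key": b"constructed-shared-secret-for-hs256",     # agreed MAC key
}

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_assertion(claims, key):
    """Issuer side: build an HS256-signed JWT bearer assertion."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def verify_assertion(token, agreement, now=None):
    """Authorization-server side: accept only if every agreed item matches."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        return False, "malformed"
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        return False, "unexpected alg"  # the agreement, not the token, picks the algorithm
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(agreement["key"], signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return False, "bad signature"  # checked before any claim is trusted
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != agreement["issuer"]:
        return False, "unknown issuer"
    aud = claims.get("aud")
    if agreement["token_endpoint"] not in (aud if isinstance(aud, list) else [aud]):
        return False, "audience is not this token endpoint"  # stops cross-AS replay
    if "exp" not in claims or now >= claims["exp"]:
        return False, "expired or missing exp"
    return True, "ok"
```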