Re: [OAUTH-WG] Call for agenda items
Dick Hardt <dick.hardt@gmail.com> Wed, 18 April 2018 14:15 UTC
Return-Path: <dick.hardt@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6480212D80F for <oauth@ietfa.amsl.com>; Wed, 18 Apr 2018 07:15:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.999
X-Spam-Level:
X-Spam-Status: No, score=-0.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fhEh-vKaCw2e for <oauth@ietfa.amsl.com>; Wed, 18 Apr 2018 07:15:30 -0700 (PDT)
Received: from mail-pl0-x230.google.com (mail-pl0-x230.google.com [IPv6:2607:f8b0:400e:c01::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0921112D80E for <oauth@ietf.org>; Wed, 18 Apr 2018 07:15:30 -0700 (PDT)
Received: by mail-pl0-x230.google.com with SMTP id t22-v6so1204603plo.7 for <oauth@ietf.org>; Wed, 18 Apr 2018 07:15:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=TqdeOH2K2f9No9wDpufqGcJPWHgV0XXwV60ylkpFcyI=; b=PZvmR7ehDXxLVxrpmph8OC4Q0X8Q0t7S26vz71E2mIw6TfEarksX+hi1Udx9KamudG UdEKtXbP0tIwKQCHMtwzDBpZKI5EG7IrCpzLaoI45NwmgucY4qcOfva6bCXi+s/8ukEo Y40keSMIATQz5l2Piyq8CF3hHh3C3MQn64bLW6iahZdHuV25TC3HMAoksh35bugALhDc x7dD+gntlUBcVQ4jkoCaeB8HjZD9tKW8Unxg8GCovibbnlYLZA6WhZ+RBIg7gr71685u vmuYAsPY3IbxaZ8kzmkDjAXUqlBfA67ueCLRlpfTjq9L1zTv4uLOan4Cd33qqeQQljp7 s9ow==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=TqdeOH2K2f9No9wDpufqGcJPWHgV0XXwV60ylkpFcyI=; b=NYkg/ZN9WquSE5IvU9fzR+ZHqIyd2jJPHqDPIlI4spfygBaGbB+e3UYx18g6Q0123P yOUnl+OBFIPi5xIG49ckMqzAiykhLgMUwOOUVj02clQ8cDx5PKxZYOBmeKLoWZIV12ni jROUXgpKlDYGC8wtfHLiydi5J4QblzMZ7Zm3j6ApUiKDUO3xdNeRNeE7V7hxHgzOwXoP R0oLqgMNUDAGQcpqnf2IcYAq8bcBZMt0b+q/DKrURdXbNDcO4sRlodmg5hTPVIy8OwmZ 4E1OtTye92F9Txr7hoxBXRy+QlrHFei5XQMj7GggeVzhATnCRhDnbFsvQXetrfimZ/fc hbOA==
X-Gm-Message-State: ALQs6tAkDjWmmfqhpvOZ7RMnaPoT8vMrNofmxbi2D66sUHHdd/nxfawt vErjOoq9zs3pBCZP+nJaF/uDBFfK/4KC4GTz67Q=
X-Google-Smtp-Source: AIpwx482WRLBVUCquSiMXcwU9oURCbzI5eIqMIxo8TamuF64cF62tbPlZMG7T+zwPunuB0XOT1+OGHOUvLWjLBGJw+U=
X-Received: by 2002:a17:902:bd41:: with SMTP id b1-v6mr2218339plx.302.1524060929338; Wed, 18 Apr 2018 07:15:29 -0700 (PDT)
MIME-Version: 1.0
References: <AM4PR0801MB270614990E501071CDB3A2F9FAE40@AM4PR0801MB2706.eurprd08.prod.outlook.com> <CAAP42hAy8iFHDa9hQxNMxytiWjf=MyrCDRzZ4MjvRq8xi0+Baw@mail.gmail.com> <CABzCy2DzJUL86MVTA9xL4Cpv4=ooZyZJ3N1QNS0QKvgr8DJHgA@mail.gmail.com> <CAGL6epLa0J0-JH8-cZX_WZ5Ztficz0_n+C9dOP80Gkbp_jvPFQ@mail.gmail.com> <CA+k3eCSVdUWu2Cz1N6tF_V1wVJS_+v8UudvWyosc9W6DLt9HkA@mail.gmail.com> <TY1PR01MB1054A105034F55F6B810D7C3F9D80@TY1PR01MB1054.jpnprd01.prod.outlook.com> <CAGL6epKe5rWdqCio9-feoMoNa11_H7s7HfHAM8GZ2r3gUhv02A@mail.gmail.com> <TY1PR01MB1054C1D6EBB6B6180E31F610F9DF0@TY1PR01MB1054.jpnprd01.prod.outlook.com> <CAD9ie-t+SH2Pc6iUCqJyzJeyMp2gjk1fm4kRRh2sOVjtUSsFBA@mail.gmail.com> <TY2PR01MB2297C4899D098F0B9341D84BF9B60@TY2PR01MB2297.jpnprd01.prod.outlook.com> <VI1PR0801MB2112BC38B8A4ADF9A8ABFC89FAB60@VI1PR0801MB2112.eurprd08.prod.outlook.com>
In-Reply-To: <VI1PR0801MB2112BC38B8A4ADF9A8ABFC89FAB60@VI1PR0801MB2112.eurprd08.prod.outlook.com>
From: Dick Hardt <dick.hardt@gmail.com>
Date: Wed, 18 Apr 2018 14:15:16 +0000
Message-ID: <CAD9ie-tfxcFLY16bKwyiGVN0_GJgNe6Qq-eVi5_Un9+3w31a4g@mail.gmail.com>
To: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: n-sakimura <n-sakimura@nri.co.jp>, oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000004f3319056a2016aa"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/w3NSJVwebHPQesakIe9YjfxjAxg>
Subject: Re: [OAUTH-WG] Call for agenda items
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Apr 2018 14:15:33 -0000
F2F side/author meeting at Montreal Ad hock author meeting call prior Unclear to me the value of a WG intern meeting On Wed, Apr 18, 2018 at 3:59 AM Hannes Tschofenig <Hannes.Tschofenig@arm.com> wrote: > Hey guys, > > > > I am trying to find out what you are planning here. > > > > Are you talking about scheduling a side meeting at the next IETF meeting > or a f2f meeting somewhere else? > > > > Rifaat and I had promised to schedule a conference call (virtual interim > meeting) about distributed OAuth and we are targeting May. While holding a > f2f interim meeting for OAuth is possible we have not discussed this so > far. > > > > Ciao > Hannes > > > > *From:* OAuth [mailto:oauth-bounces@ietf.org] *On Behalf Of *n-sakimura > *Sent:* 18 April 2018 07:34 > *To:* Dick Hardt; n-sakimura > *Cc:* oauth > > > *Subject:* Re: [OAUTH-WG] Call for agenda items > > > > I support the idea. Adding to it, perhaps we can do an ad-hoc before > Montreal so that we can come up with a combined draft. > > > > Nat Sakimura > > -- > > PLEASE READ: This e-mail is confidential and intended for the named > recipient only. If you are not an intended recipient, please notify the > sender and delete this e-mail. > > > > > > > > > ------------------------------ > > *差出人**:* Dick Hardt <dick.hardt@gmail.com> > *送信日時**:* 2018年4月18日 0:40:20 > *宛先**:* n-sakimura > *CC:* Rifaat Shekh-Yusef; oauth > *件名**:* Re: [OAUTH-WG] Call for agenda items > > > > ****************************************************************** > 本メールはフリーメールから届いています。標的型攻撃メールはフリーメ > ールから届くことがありますのでご注意ください。身に覚えのないメール > であれば添付ファイルやURLを開かず、以下に掲載されている手順に従っ > て対応をお願いします。 > > 共有情報>情報セキュリティトピックス>怪しいメールが届いたら > または、 > NRI Group Security Portal>情報セキュリティトピックス > >怪しいメールが届いたら > ****************************************************************** > > I'd like to coordinate a side meeting with Nat, Brian, myself and other > interested parties in Montreal to discuss Distributed OAuth. > > > > If we have two meetings, I'd like a timeslot in the second to summarize > the side meeting and discuss next steps (if any). > > > > Separately, I'd like a time slot for an update on Reciprocal OAuth. > > > > On Wed, Mar 7, 2018 at 5:52 PM, n-sakimura <n-sakimura@nri.co.jp> wrote: > > No, not really. I was thinking of more informal thing. The session is > supposed to be Wednesday afternoon, so I was thinking that it might be a > good idea to do a bit of recap among contributors to draw up a battle plan > towards IETF 102. > > > > Nat > > > > *From:* Rifaat Shekh-Yusef [mailto:rifaat.ietf@gmail.com] > *Sent:* Wednesday, March 07, 2018 9:22 PM > *To:* n-sakimura <n-sakimura@nri.co.jp> > *Cc:* Brian Campbell <bcampbell@pingidentity.com>; oauth <oauth@ietf.org> > > > *Subject:* Re: [OAUTH-WG] Call for agenda items > > > > Nat, > > > > Are you asking for an interim meeting? > > We could schedule the Distributed OAuth discussion for the Wednesday > meeting; that will give you guys sometime to discuss these face-to-face in > London. > > > > Regards, > > Rifaat > > > > > > > > On Wed, Mar 7, 2018 at 2:00 AM, n-sakimura <n-sakimura@nri.co.jp> wrote: > > Then let us do it. We need to put all the proposals on the table and > strategize the design. > > Perhaps we need a side meeting as well. > > > > nat > > > > *From:* OAuth [mailto:oauth-bounces@ietf.org] *On Behalf Of *Brian > Campbell > *Sent:* Wednesday, March 07, 2018 1:31 AM > *To:* Rifaat Shekh-Yusef <rifaat.ietf@gmail.com> > *Cc:* oauth <oauth@ietf.org> > *Subject:* Re: [OAUTH-WG] Call for agenda items > > > > I hadn't previously been planning on it but am happy to do so. > > > > On Tue, Mar 6, 2018 at 8:22 AM, Rifaat Shekh-Yusef <rifaat.ietf@gmail.com> > wrote: > > Nat, > > > > During the interim meeting, 3 drafts mentioned in the context of *Distributed > OAuth*: > > > > https://tools.ietf.org/html/draft-sakimura-oauth-meta-08 > <https://tools.ietf..org/html/draft-sakimura-oauth-meta-08> > > https://tools.ietf.org/html/draft-campbell-oauth-resource-indicators-02 > <https://tools.ietf..org/html/draft-campbell-oauth-resource-indicators-02> > > https://tools.ietf.org/html/draft-tschofenig-oauth-audience-00 > <https://tools.ietf..org/html/draft-tschofenig-oauth-audience-00> > > > > > > *Brian, Hannes,* > > > > Are you planning on presenting your documents? > > > > Regards, > > Rifaat > > > > > > > > > > > > > > On Mon, Mar 5, 2018 at 8:09 PM, Nat Sakimura <sakimura@gmail.com> wrote: > > I would be interested in hearing that. > > > > Also, as part of "Distributed OAuth", can we do a bit of re-cap on some of > the previous drafts on the similar topic as we discussed in the interim? > i.e., Brian's draft (where is the link now?) and my draft ( > draft-sakimura-oauth-meta > <https://tools.ietf.org/id/draft-sakimura-oauth-meta-08.txt>)? > > > > Best, > > > > Nat > > > > On Tue, Mar 6, 2018 at 3:30 AM William Denniss <wdenniss@google.com> > wrote: > > Hannes & Rifaat, > > > I would like the opportunity to present on OAuth 2.0 Incremental > Authorization (draft-wdenniss-oauth-incremental-auth) [an update for which > will be posted today] and "OAuth 2.0 Device Posture Signals" > (draft-wdenniss-oauth-device-posture). > > > > I can also give an update on the status of Device Flow > (draft-ietf-oauth-device-flow). I expect that to be short now that WGLC has > concluded and the document has advanced. > > > > Little late to this thread and I see we already have 2 sessions in the > draft agenda, but I'd like to add my support to keeping both sessions, > there's always a lot to discuss and in the past we've been able to use any > spare time to discuss the security topics of the day. > > > > Regards, > > William > > > > > > > > On Tue, Jan 30, 2018 at 4:40 AM Hannes Tschofenig < > Hannes.Tschofenig@arm.com> wrote: > > Hi all, > > > > It is time already to think about the agenda for the next IETF meeting. > Rifaat and I were wondering whether we need one or two sessions. We would > like to make the decision based on the topics we will discuss. Below you > can find a first version of the agenda with a few remarks. Let us know if > you have comments or suggestions for additional agenda items. > > > > Ciao > Hannes & Rifaat > > > > OAuth Agenda > > ------------ > > > > - Welcome and Status Update (Chairs) > > > > * OAuth Security Workshop Report > > > > * Documents in IESG processing > > # draft-ietf-oauth-device-flow-07 > > # draft-ietf-oauth-discovery-08 > > # draft-ietf-oauth-jwsreq-15 > > # draft-ietf-oauth-token-exchange-11 > > > > Remark: Status updates only if needed. > > > > - JSON Web Token Best Current Practices > > # draft-ietf-oauth-jwt-bcp-00 > > > > Remark: We are lacking reviews on this document. > > Most likely we will not get them during the f2f meeting > > but rather by reaching out to individuals ahead of time. > > > > - OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access > Tokens > > # draft-ietf-oauth-mtls-06 > > > > Remark: Could be completed by the time of the IETF meeting. > > > > - OAuth Security Topics > > # draft-ietf-oauth-security-topics-04 > > > > Remark: We could do a consensus call on parts of the document soon. > > > > - OAuth 2.0 Token Binding > > # draft-ietf-oauth-token-binding-05 > > > > Remark: Document is moving along but we are lacking implementations. > > > > - OAuth 2.0 Device Posture Signals > > # draft-wdenniss-oauth-device-posture-01 > > > > Remark: Interest in the work but we are lacking content (maybe even > > expertise in the group) > > > > - Reciprocal OAuth > > # draft-hardt-oauth-mutual-02 > > > > Remark: We had a virtual interim meeting on this topic and there is > > interest in this work and apparently no competing solutions. The plan > > is to run a call for adoption once we are allowed to add a new milestone > > to our charter. > > > > - Distributed OAuth > > # draft-hardt-oauth-distributed-00 > > > > Remark: We had a virtual interim meeting on this topic and there is > > interest in this work. Further work on the scope is needed. > > IMPORTANT NOTICE: The contents of this email and any attachments are > confidential and may also be privileged. If you are not the intended > recipient, please notify the sender immediately and do not disclose the > contents to any other person, use it for any purpose, or store or copy the > information in any medium. Thank you. > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > -- > > Nat Sakimura > > Chairman of the Board, OpenID Foundation > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > > > > *CONFIDENTIALITY NOTICE: This email may contain confidential and > privileged material for the sole use of the intended recipient(s). Any > review, use, distribution or disclosure by others is strictly prohibited. > If you have received this communication in error, please notify the sender > immediately by e-mail and delete the message and any file attachments from > your computer. Thank you.* > > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > > IMPORTANT NOTICE: The contents of this email and any attachments are > confidential and may also be privileged. If you are not the intended > recipient, please notify the sender immediately and do not disclose the > contents to any other person, use it for any purpose, or store or copy the > information in any medium. Thank you. >
- [OAUTH-WG] Call for agenda items Hannes Tschofenig
- Re: [OAUTH-WG] Call for agenda items William Denniss
- Re: [OAUTH-WG] Call for agenda items Mike Jones
- Re: [OAUTH-WG] Call for agenda items Nat Sakimura
- Re: [OAUTH-WG] Call for agenda items Rifaat Shekh-Yusef
- Re: [OAUTH-WG] Call for agenda items Hannes Tschofenig
- Re: [OAUTH-WG] Call for agenda items Brian Campbell
- Re: [OAUTH-WG] Call for agenda items n-sakimura
- Re: [OAUTH-WG] Call for agenda items Rifaat Shekh-Yusef
- Re: [OAUTH-WG] Call for agenda items n-sakimura
- Re: [OAUTH-WG] Call for agenda items Dick Hardt
- Re: [OAUTH-WG] Call for agenda items n-sakimura
- Re: [OAUTH-WG] Call for agenda items Dick Hardt
- Re: [OAUTH-WG] Call for agenda items Hannes Tschofenig
- Re: [OAUTH-WG] Call for agenda items Dick Hardt
- Re: [OAUTH-WG] Call for agenda items Hannes Tschofenig
- Re: [OAUTH-WG] Call for agenda items Dick Hardt
- Re: [OAUTH-WG] Call for agenda items Hannes Tschofenig
- Re: [OAUTH-WG] Call for agenda items Dick Hardt