[saag] OAUTH Report for IETF-83

Derek Atkins <derek@ihtfp.com> Thu, 29 March 2012 15:27 UTC

From: Derek Atkins <derek@ihtfp.com>
To: saag@ietf.org, oauth@ietf.org
Date: Thu, 29 Mar 2012 11:27:03 -0400

Hi,

OAUTH met earlier this afternoon in Afternoon Session I at 13h00 for a
two hour session.  After introducing ourselves and welcoming me to the
working group we thanked Barry and Blaine for their service.

Torsten spoke about draft-ietf-oauth-v2-threatmodel.  This document has
completed WG Last Call.  Torsten has applied changes based on the Last
Call Comments and has published a new revision.  Barry promised to
finish his PROTO Shepherd review next week so we can send this document
to the IESG.  He promises to take Mike Thomas' issues from the list into
account and make sure that everyone is happy.

[ I'd like to extend a personal thank you to Barry for continuing his role
  as document shepherd for this draft.  -- derek ]

Next, Mike Jones spoke about the Assertions, SAML2 Bearer, and
URN-Sub-NS drafts.  Except for one outstanding issue Mike believes these
documents are ready for WGLC.  Consensus in the room was to take these
three docs to WGLC, which the chairs will do by the end of next week.

The MAC Token draft has languished while time was spent working on the
core document.  Eran was not here, nor was he online, to talk about the
status of the MAC Token draft.  There were only a few people in the room
interested in reviewing the draft, which was not a clear consensus of
interest, even though this document does solve a problem that the bearer
tokens cannot.  The chairs will take it to the list to evaluate if there
is enough interest to continue with this document.

In a related note, this document (as well as the v2-bearer document) is
not available off the tools page even though it has not expired.  I have
taken the action item to get that sorted out.

Finally, we spent the majority of our time talking about rechartering
based on the proposed charter sent to the list by Hannes a week or two
ago.  Consensus of the room was that there was enough interest to
recharter based roughly on the proposed charter.  There was also
consensus to include Simple Web Discovery (in addition to, and separate
from, Dynamic Client Registration), although we will need to work with
the ADs to make sure it gets handled in the appropriate WG and Area.
Moreover, it's important to make sure the appropriate applications area
participants get involved in the SWD work.

Hannes and I will revise the proposed charter and send it out to the WG
for additional comments and feedback.  Our goal is to send it to the
IESG for approval on their April 26th telechat.  This would hopefully
result in approval on the May 10th chat, after public comment.

We finished the meeting at 14h30.

-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant