Re: [OAUTH-WG] Notes from 2nd "OAuth & Authentication" Conference Call

Thu, 16 Oct 2014 10:15:18 -0700 

About the write-up: at the end of the metaphor section it says:
"These recipes each add a number of items, such as a common profile API, to OAuth to create an authorization protocol." 

whereas I believe that should read "to create an authentication protocol"

Hans.

On 10/16/14, 6:54 PM, Hannes Tschofenig wrote:

Participants:

  * Brian Campbell
  * John Bradley
  * Derek Atkins
  * Phil Hunt
  * William Kim
  * Josh Mandel
  * Hannes Tschofenig


Notes:

Justin distributed a draft writeup and explained the reasoning behind
it. The intended purpose is to put the write-up (after enough review) on
oauth.net. See attachments. Justin solicited feedback from the
conference call participants and from the working group.

One discussion item was specifically related to the concept of audience
restrictions, which comes in two flavours: (a) restriction of the access
token regarding the resource server and (b) restriction of the id token
regarding the client. Obviously, it is necessary to have both of these
audience restrictions in place and to actually check them.

The group then went into a discussion about the use of pseudonyms in
authentication and the problems deployments ran into when they used
pseudonyms together with a wide range of attributes that identified
users nevertheless. Phil suggested to produce a write-up about this topic.

Finally, the group started a discussion about potential actions for the
OAuth working groups. Two activities were mentioned, namely to produce
an IETF draft of the write-up Justin has prepared as a "formal" response
to the problems with authentication using OAuth and, as a second topic,
potential re-chartering of the OAuth working group to work on some
solutions in this area. Hannes suggested to postpone these discussions
and to first finish the write-up Justin had distributed.

Ciao
Hannes & Derek



_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth



--
Hans Zandbelt              | Sr. Technical Architect
hzandb...@pingidentity.com | Ping Identity

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth






















					Reply via email to