Re: [OAUTH-WG] OAuth Digest, Vol 49, Issue 9

2012-11-09 Thread Nichole Richardson
help

On November 8, 2012 12:00:32 PM PST, oauth-requ...@ietf.org wrote:
> If you have received this digest without all the individual message
> attachments you will need to update your digest options in your list
> subscription.  To do so, go to 
> 
> https://www.ietf.org/mailman/listinfo/oauth
> 
> Click the 'Unsubscribe or edit options' button, log in, and set "Get
> MIME or Plain Text Digests?" to MIME.  You can set this option
> globally for all the list digests you receive at this point.
> 
> 
> 
> Send OAuth mailing list submissions to
>   oauth@ietf.org
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>   https://www.ietf.org/mailman/listinfo/oauth
> or, via email, send a message with subject or body 'help' to
>   oauth-requ...@ietf.org
> 
> You can reach the person managing the list at
>   oauth-ow...@ietf.org
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of OAuth digest..."
> 
> 
> Today's Topics:
> 
>1. bag-of-keys metadata UC for the "mac" discussion (Leif Johansson)
>2. Re: [Openid-specs-ab] I-D Action:
>   draft-ietf-oauth-dyn-reg-01.txt (John Bradley)
> 
> 
> --
> 
> Message: 1
> Date: Thu, 08 Nov 2012 17:01:58 +0100
> From: Leif Johansson 
> To: oauth@ietf.org
> Subject: [OAUTH-WG] bag-of-keys metadata UC for the "mac" discussion
> Message-ID: <509bd776.3090...@mnt.se>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> I promised to send a UC to the list as input to the discussion around new
> token formats.
> 
> ---
> 
> Several large-scale deployments of public-key use a "bag-of-keys" model
> for key management: you stick endpoint information together with public
> keys for those endpoints in a signable container which is then signed with
> a private key associated with some "trust provider" and distributed to all
> entities/relying parties.
> 
> Examples include various trust status lists formats and things like SAML
> metadata.
> 
> The latter case (SAML metadata) isn't necessarily tied to the SAML v2
> _protocol_ but it is used for that. Large-scale SAML federations are often
> set up to depend on distribution of signed SAML metadata.
> 
> Consider the case when a large number of relying parties of such a SAML
> federation are also either OAUTH2 resource or authorization servers. Today
> all of those OAUTH2 entities have to be provisioned with separate client
> secrets that have no relationship to the trust infrastructure already in use
> in the federation.
> 
> It is not uncommon for such federations to have 1000s and sometimes
> 1s of entities making client secret management something of a
> scalability issue.
> 
> Even with dynreg the problem of managing all of those client secrets
> would still remain a *huge* (operational) security and scalability issue.
> 
> There is therefore a desire among communities that have such deployments
> to be able to re-use the key-management already in place for OAUTH2.
> 
> Note that this example isn't tied to the SAML protocol at all.
> 
> Leif
> 
> 
> 
> --
> 
> Message: 2
> Date: Thu, 8 Nov 2012 12:43:21 -0500
> From: John Bradley 
> To: "Richer, Justin P." 
> Cc: "openid-specs...@lists.openid.net"
>   , "oauth@ietf.org" 
> 
> Subject: Re: [OAUTH-WG] [Openid-specs-ab] I-D Action:
>   draft-ietf-oauth-dyn-reg-01.txt
> Message-ID: <7aa04640-ac9c-4c9e-b1e1-77f92cee2...@ve7jtb.com>
> Content-Type: text/plain; charset="windows-1252"
> 
> Also in openID 2 there was an association endpoint that is similar where the 
> client got its secret.   Mostly the term is a carryover from that.
> 
> I don't have any real objection to changing it to registration to align 
> better with OAuth terminology in the IETF version.
> 
> John B.
> 
> On 2012-11-05, at 5:50 PM, "Richer, Justin P."  wrote:
> 
> > I thought of this during the merge process as well -- "associate" is a 
> > direct import from OIDC. The reasoning behind this verb is that you're 
> > "associating" a set of client metadata to a particular client identifier.
> > 
> > I'd be happy to change this term to "client_register" if there's consensus 
> > for a  move to that terminology.
> > 
> > Also, forgot to mention this before: The latest version of it will always 
> > be on my github:
> > 
> >   https://github.com/jricher/oauth-spec
> > 
> > This has the added benefit of allowing you all to fork the repo, make 
> > edits, file issues, and make pull requests against the document in between 
> > uploads to the IETF datatracker.
> > 
> >  -- Justin
> > 
> > 
> > On Nov 5, 2012, at 5:38 PM, Tim Bray wrote:
> > 
> >> Quick question: Why is it "association request", not "registration 
> >> request"?  Nearly everywhere the term "a

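Leif's use case above describes the container (endpoint information and public keys, signed by a trust provider) but not how an OAuth2 authorization server would consume it in place of a client secret. The following is an added example, not code from the thread or from any federation software, that sketches that flow in Go with the standard library's Ed25519: the trust provider serialises and signs a bag of entities, the authorization server verifies the bag against a pinned trust-provider key and checks its expiry, and then authenticates a client by the key the bag lists for it. The JSON schema, the example.org/example.edu URLs, and the challenge-response step are constructed for the example; real federations use formats such as the signed SAML metadata the message names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
	"time"
)

// Entity is one relying party: identifier, endpoints and the public key it
// authenticates with. The schema is constructed for this example.
type Entity struct {
	EntityID  string   `json:"entity_id"`
	Endpoints []string `json:"endpoints"`
	PublicKey []byte   `json:"public_key"` // raw Ed25519 key; base64 on the wire
}

// Bag is the signable container: an expiry plus the entity list.
type Bag struct {
	Expires  int64    `json:"expires"` // Unix seconds
	Entities []Entity `json:"entities"`
}

// SignedBag carries the exact signed bytes, so verifiers never re-serialise.
type SignedBag struct {
	Payload   []byte `json:"payload"`
	Signature []byte `json:"signature"`
}

// SignBag is the trust provider's step: serialise once, sign those bytes.
func SignBag(priv ed25519.PrivateKey, bag Bag) (SignedBag, error) {
	payload, err := json.Marshal(bag)
	if err != nil {
		return SignedBag{}, err
	}
	return SignedBag{Payload: payload, Signature: ed25519.Sign(priv, payload)}, nil
}

// VerifyBag is the relying party's step: signature against the pinned
// trust-provider key first, then parse, then reject an expired bag.
func VerifyBag(trustPub ed25519.PublicKey, sb SignedBag, now time.Time) (*Bag, error) {
	if !ed25519.Verify(trustPub, sb.Payload, sb.Signature) {
		return nil, fmt.Errorf("bag signature invalid")
	}
	var bag Bag
	if err := json.Unmarshal(sb.Payload, &bag); err != nil {
		return nil, err
	}
	if now.Unix() >= bag.Expires {
		return nil, fmt.Errorf("bag expired at %d", bag.Expires)
	}
	return &bag, nil
}

// AuthenticateClient checks a client's signature over a server-minted challenge
// with the key the bag advertises for it, instead of comparing a shared secret.
func AuthenticateClient(bag *Bag, entityID string, challenge, sig []byte) bool {
	for _, e := range bag.Entities {
		if e.EntityID == entityID && len(e.PublicKey) == ed25519.PublicKeySize {
			return ed25519.Verify(ed25519.PublicKey(e.PublicKey), challenge, sig)
		}
	}
	return false // unknown entity: fail closed, like "no client on file"
}

type Outcome struct{ ClientOK, UnknownRejected, TamperRejected bool }

// Scenario runs the flow with freshly generated (constructed) keys: publish a bag,
// verify it, authenticate a listed client, reject an unlisted one and a tampered bag.
func Scenario() (Outcome, error) {
	trustPub, trustPriv, _ := ed25519.GenerateKey(rand.Reader)
	clientPub, clientPriv, _ := ed25519.GenerateKey(rand.Reader)
	bag := Bag{Expires: time.Now().Add(24 * time.Hour).Unix(), Entities: []Entity{{EntityID: "https://rp.example.edu",
		Endpoints: []string{"https://rp.example.edu/oauth/callback"}, PublicKey: clientPub}}}
	sb, err := SignBag(trustPriv, bag)
	if err != nil {
		return Outcome{}, err
	}
	verified, err := VerifyBag(trustPub, sb, time.Now())
	if err != nil {
		return Outcome{}, err
	}
	challenge := []byte("constructed-nonce-8f3a") // the AS would mint this per request
	sig := ed25519.Sign(clientPriv, challenge)
	// Flip one payload byte: the pinned trust-provider key no longer verifies it.
	tampered := SignedBag{Payload: append([]byte(nil), sb.Payload...), Signature: sb.Signature}
	tampered.Payload[len(tampered.Payload)/2] ^= 0x01
	_, tamperErr := VerifyBag(trustPub, tampered, time.Now())
	return Outcome{
		ClientOK:        AuthenticateClient(verified, "https://rp.example.edu", challenge, sig),
		UnknownRejected: !AuthenticateClient(verified, "https://unlisted.example.net", challenge, sig),
		TamperRejected:  tamperErr != nil,
	}, nil
}

func main() {
	out, err := Scenario()
	fmt.Printf("%+v err=%v\n", out, err)
}
```

Two design choices carry the security point of the message. The signature covers the exact bytes the trust provider emitted, so the relying party never has to canonicalise JSON before verifying, and an entity that is not in the bag is simply refused, which is what "no client secret on file" becomes in this model. Adding or revoking a relying party then means the trust provider re-issues one signed document rather than each authorization server provisioning another secret, which is the scalability argument Leif makes.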
Re: [OAUTH-WG] OAuth Digest, Vol 49, Issue 11

2012-11-13 Thread Nichole Richardson
get mime

On November 13, 2012 12:00:08 PM PST, oauth-requ...@ietf.org wrote:
> 
> 
> Today's Topics:
> 
>1. Re: bag-of-keys metadata UC for the "mac" discussion (Phil Hunt)
>2. Re: bag-of-keys metadata UC for the "mac" discussion
>   (Leif Johansson)
>3. Review Volunteers (Hannes Tschofenig)
>4. Meeting Minutes (Hannes Tschofenig)
> 
> 
> --
> 
> Message: 1
> Date: Mon, 12 Nov 2012 13:09:11 -0800
> From: Phil Hunt 
> To: Leif Johansson 
> Cc: oauth@ietf.org
> Subject: Re: [OAUTH-WG] bag-of-keys metadata UC for the "mac"
>   discussion
> Message-ID: <7ef786e1-18e2-4974-a6bc-2c72be9f5...@oracle.com>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> Leif,
> 
> I've read this a couple of times and I think I'm getting lost in partial SAML 
> vs. OAuth terminology. As a result, I thought you were saying:
> 
> 1. It isn't practical to issue client credentials even with Dynamic 
> Registration
> 2. You want to re-use key management already in place with OAuth2.
> 
> These statements seem to be in conflict.  Did you mean to say for number 2 
> that you want to re-use key management already in place for SAML?
> 
> Phil
> 
> @independentid
> www.independentid.com
> phil.h...@oracle.com
> 
> 
> 
> 
> 
> On 2012-11-08, at 8:01 AM, Leif Johansson wrote:
> 
> > I promised to send a UC to the list as input to the discussion around new
> > token formats.
> > 
> > ---
> > 
> > Several large-scale deployments of public-key use a "bag-of-keys" model
> > for key management: you stick endpoint information together with public
> > keys for those endpoints in a signable container which is then signed with
> > a private key associated with some "trust provider" and distributed to all
> > entities/relying parties.
> > 
> > Examples include various trust status lists formats and things like SAML
> > metadata.
> > 
> > The latter case (SAML metadata) isn't necessarily tied to the SAML v2
> > _protocol_ but it is used for that. Large-scale SAML federations are often
> > set up to depend on distribution of signed SAML metadata.
> > 
> > Consider the case when a large number of relying parties of such a SAML
> > federation are also either OAUTH2 resource or authorization servers. Today
> > all of those OAUTH2 entities have to be provisioned with separate client
> > secrets that have no relationship to the trust infrastructure already in use
> > in the federation.
> > 
> > It is not uncommon for such federations to have 1000s and sometimes
> > 1s of entities making client secret management something of a
> > scalability issue.
> > 
> > Even with dynreg the problem of managing all of those client secrets
> > would still remain a *huge* (operational) security and scalability issue.
> > 
> > There is therefore a desire among communities that have such deployments
> > to be able to re-use the key-management already in place for OAUTH2.
> > 
> > Note that this example isn't tied to the SAML protocol at all.
> > 
> > Leif
> > ___
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth
> 
> 
> 
> --
> 
> Message: 2
> Date: Mon, 12 Nov 2012 22:12:40 +0100
> From: Leif Johansson 
> To: Phil Hunt 
> Cc: oauth@ietf.org
> Subject: Re: [OAUTH-WG] bag-of-keys metadata UC for the "mac"
>   discussion
> Message-ID: <50a16648.1030...@mnt.se>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> On 11/12/2012 10:09 PM, Phil Hunt wrote:
> > Leif,
> >
> > I've read this a couple of times and I think I'm getting lost in
> > partial SAML vs. OAuth terminology. As a result, I thought you were
> > saying:
> >
> > 1. It isn't practical to issue client credentials even with Dynamic
> > Registration
> > 2. You want to re-use key management already in place with OAuth2.
> >
> > These statements se

Re: [OAUTH-WG] OAuth Digest, Vol 49, Issue 14

2012-11-18 Thread Nichole Richardson
help

On November 16, 2012 12:00:14 PM PST, oauth-requ...@ietf.org wrote:
> 
> 
> Today's Topics:
> 
>1. Question related to OAuth access token (Security Developer)
> 
> 
> --
> 
> Message: 1
> Date: Fri, 16 Nov 2012 01:03:16 +0500
> From: Security Developer 
> To: OAuth@ietf.org
> Subject: [OAUTH-WG] Question related to OAuth access token
> Message-ID:
>   
> Content-Type: text/plain; charset="iso-8859-1"
> 
> Hi,
> 
> If an access token is either SAML or JWT in OAuth then what would be the
> value in subject either resource owner or client application name?
> 
> Thanks for your time.
> 
> Regards,
> 
> 
> --
> 
> 
> 
> End of OAuth Digest, Vol 49, Issue 14
> *


Re: [OAUTH-WG] OAuth Digest, Vol 49, Issue 12

2012-11-18 Thread Nichole Richardson
help


On November 14, 2012 6:51:40 AM PST, oauth-requ...@ietf.org wrote:
> 
> 
> Today's Topics:
> 
>1. Re: OAuth Digest, Vol 49, Issue 11 (Nichole Richardson)
>2. Vacationing this week & e-mail address (Michael Jones)
>3. is OAuth protocol based on HTTP? (dgq2011)
> 
> 
> --
> 
> Message: 1
> Date: Tue, 13 Nov 2012 14:31:11 -0800
> From: Nichole Richardson 
> To: ,  
> Subject: Re: [OAUTH-WG] OAuth Digest, Vol 49, Issue 11
> Message-ID: 
> Content-Type: text/plain; charset="utf-8"
> 
> get mime
> 

Re: [OAUTH-WG] OAuth Digest, Vol 49, Issue 15

2012-11-18 Thread Nichole Richardson
help subscribe to oauth digest, Vol 49, Issue 15

On November 18, 2012 5:27:18 AM PST, oauth-requ...@ietf.org wrote:
> 
> 
> Today's Topics:
> 
>1. Re: OAuth Digest, Vol 49, Issue 14 (Nichole Richardson)
>2. Re: OAuth Digest, Vol 49, Issue 12 (Nichole Richardson)
> 
> 
> --
> 
> Message: 1
> Date: Sun, 18 Nov 2012 05:26:40 -0800
> From: Nichole Richardson 
> To: ,  
> Subject: Re: [OAUTH-WG] OAuth Digest, Vol 49, Issue 14
> Message-ID: 
> Content-Type: text/plain; charset="utf-8"
> 
> help
> 
> 
> --
> 
> Message: 2
> Date: Sun, 18 Nov 2012 05:27:15 -0800
> From: Nichole Richardson 
> To: ,  
> Subject: Re: [OAUTH-WG] OAuth Digest, Vol 49, Issue 12
> Message-ID: 
> Content-Type: text/plain; charset="utf-8"
> 
> help
> 
> 