Stephen Farrell has entered the following ballot position for
draft-ietf-oauth-amr-values-07: No Objection
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer
text. This is such a case - so thanks.
>
> I'll add this information, which is necessary to understand the
> intent, and then republish.
Ah good, that explains the disconnect.
Cheers,
S.
>
> -- Mike
>
> -Original Message- From: Stephen Farrell
> [mailto:ste
e useful to RPs. Slicing things more finely than would be used
> in practice actually hurts interop, rather than helping it, because
> it would force all RPs to recognize that several or many different
> values actually mean the same thing to them.
>
>
>
> -- Mike
&g
ions that use some of these
type-names, but the point of RFCs is not to "bless"
such things, but to achieve interop.)
"
Cheers,
S.
>
> Thanks, -- Mike
>
> -----Original Message- From: Mike Jones
> [mailto:michael.jo...@microsoft.com] Sent: Tuesday, February 28, 2017
Stephen Farrell has entered the following ballot position for
draft-ietf-oauth-jwsreq-12: No Objection
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer to
s that some biometrics fit
that latter but I could be wrong. If they do, then one
runs into the problem of having to depend on magic numbers
in the encodings or similar to distinguish which is really
error prone and likely to lead to what our learned
transport chums are calling ossification;-)
Cheers
DISCUSS)
>
> We have interoped between FIDO authenticators vendors and Windows
> Hello
>
> -Original Message- From: Stephen Farrell
> [mailto:stephen.farr...@cs.tcd.ie] Sent: Wednesday, February 1, 2017
> 4:24 PM To: Mike Jones ; Anthony Nadalin
> ; joel jaeggli
said, I can look at also finding appropriate references for
> the remaining values that don't currently have them. (Anyone got a
> good reference for password or PIN to suggest, for instance?)
>
> -- Mike
>
> -Original Message- From: Anthony Nadalin Sent: Wedne
o match the codepoint. If there's not, I don't see why
adding a codepoint is useful. (Esp. if we're at the stage of
testing "various iris devices" that I would guess do not get
us interop.)
Am I missing something?
Cheers,
S.
>
> -Original Message-
fined.
> For all the initial values, that requirement is satisfied, since the
> reference will be to the new RFC. I think that aligns with the point
> that Joel was making.
>
> Your thoughts?
>
> -- Mike
>
> -Original Message- From: OAuth
> [mailto:oauth-boun...@
On 01/02/17 14:58, joel jaeggli wrote:
> On 1/31/17 8:26 AM, Stephen Farrell wrote:
>> Stephen Farrell has entered the following ballot position for
>> draft-ietf-oauth-amr-values-05: Discuss
>>
>> When responding, please keep the subject line intact and reply to all
Stephen Farrell has entered the following ballot position for
draft-ietf-oauth-amr-values-05: Discuss
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer to
Is there any information as to what percentage of browsers have a
vulnerable configuration? That's not clear to me and seems relevant.
My impression was that wpad wasn't that widely enabled in browsers
nowadays, but that may well be wrong.
S.
On 27/07/16 01:15, Dick Hardt wrote:
> http://arstech
Stephen Farrell has entered the following ballot position for
charter-ietf-oauth-04-00: Yes
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
The document, along with
Stephen Farrell has entered the following ballot position for
draft-ietf-oauth-proof-of-possession-10: No Objection
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however
sufficient to clear the DISCUSS.
>
> Thanks for your thoughtful review!
> — Justin
>
>> On Apr 24, 2015, at 5:32 PM, Stephen Farrell
>> wrote:
>>
>>
>>
>> On 24/04/15 22:27, Justin Richer wrote:
>>> Stephen, I’ve worked on t
ake a more
> informed registration request. The use of any such management or
> discovery system is OPTIONAL and outside the scope of this
> specification.
>
> Does this text work for you?
It does, nicely.
Thanks,
S.
>
> — Justin
>
>> On
On 24/04/15 13:28, Justin Richer wrote:
>>
>
> It can get as bad as the web, which is pretty bad, but I hope we don't
> have to point that out in great detail in every RFC that deals with the
> web. :) I think the drive-by-download malware example is a good one, and
> we could add another concre
On 24/04/15 13:30, Justin Richer wrote:
>>
>
> OK, so are you asking for something like:
>
> "If the server supports an update mechanism such as [Dyn-Reg-Management]
> and a discovery mechanism such as [OIDC-Discovery], then a smart client
> could use these components to renegotiate undesirable
try to re-negotiate, but
> that's a fairly sophisticated behavior.
So could we just point at the relevant specs for that behaviour?
(Not normatively, and I don't care if they're not RFCs.)
S.
>
> Hope this helps,
> -- Justin
>
> On 4/24/2015 8:09 AM, Stephen Farr
So this is to follow up on my discuss point#2, which said:
(2) If the response (defined in 3.2.1) includes metadata that
the server has altered, but that the client doesn't like, then
what does the client do? (It may be that that's ok, but I'm
not following why that is the case.) I'm also not sur
Stephen Farrell has entered the following ballot position for
draft-ietf-oauth-dyn-reg-28: Discuss
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer to http
+0000
From: Stephen Farrell
To: unbeara...@ietf.org
Hi all,
There's about 70+ people on the list now so let's kick off.
Andrei sent Kathleen and I the charter proposal below a while
ago. For myself I don't think its quite right yet but I'd
rather hear what you all think. S
endentid.com
> phil.h...@oracle.com
>
>> On Dec 5, 2014, at 8:43 AM, Stephen Farrell
>> wrote:
>>
>>
>> Hiya,
>>
>> Following up on the presentation at IETF-91 on this topic, [1]
>> we've created a new list [2] for moving that along. The li
gt;>>>
>>>> John B.
>>>>> On Dec 5, 2014, at 10:48 PM, Phil Hunt
>wrote:
>>>>>
>>>>> Doesn't that duplicate our current work?
>>>>>
>>>>> Phil
>>>>>
>>>>>> On Dec
-- Mike
>
> -Original Message-
> From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Mike Jones
> Sent: Friday, October 24, 2014 8:33 PM
> To: 'Stephen Farrell'; The IESG
> Cc: oauth-cha...@tools.ietf.org;
> draft-ietf-oauth-json-web-to...@tools.ie
Stephen Farrell has entered the following ballot position for
draft-ietf-oauth-assertions-18: No Objection
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer
ietf.org] On Behalf Of Mike Jones
>> Sent: Monday, October 06, 2014 7:20 PM
>> To: Stephen Farrell; The IESG
>> Cc: oauth-cha...@tools.ietf.org; draft-ietf-oauth-json-web-
>> to...@tools.ietf.org; oauth@ietf.org
>> Subject: Re: [OAUTH-WG] Stephen Farrell's Discuss on
On 16/10/14 22:39, Brian Campbell wrote:
> Hiya in return and inline below...
>
> On Thu, Oct 16, 2014 at 3:00 PM, Stephen Farrell
> wrote:
>
>>
>> Hmm. So the SAML one only seems to have RSA-SHA1 as the MTI and the
>> JOSE one has only H256 as required.
&g
Hiya,
On 16/10/14 21:06, Brian Campbell wrote:
> Thanks for your review and feedback on this one too, Stephen. Replies are
> inline below...
>
> On Thu, Oct 16, 2014 at 5:22 AM, Stephen Farrell
> wrote:
>
>> Stephen Farrell has entered the following ballot position
Hiya,
Mostly fine just a couple of notes.
On 16/10/14 20:28, Brian Campbell wrote:
> Thanks for your review and feedback, Stephen. Replies are inline below...
>
> On Thu, Oct 16, 2014 at 5:20 AM, Stephen Farrell
> wrote:
>
>> Stephen Farrell has entered the followin
needed.
>
> On Thu, Oct 16, 2014 at 5:22 AM, Stephen Farrell
> wrote:
>
>> Stephen Farrell has entered the following ballot position for
>> draft-ietf-oauth-jwt-bearer-10: No Objection
>>
>> When responding, please keep the subject line intact and reply to all
&g
Stephen Farrell has entered the following ballot position for
draft-ietf-oauth-jwt-bearer-10: No Objection
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer
Stephen Farrell has entered the following ballot position for
draft-ietf-oauth-assertions-17: Discuss
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer to
Stephen Farrell has entered the following ballot position for
draft-ietf-oauth-saml2-bearer-21: No Objection
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please
Hi Mike,
On 06/10/14 08:54, Mike Jones wrote:
> Thanks for your review, Stephen. I've added the working group to the
> thread so they're aware of your comments.
>
>> -Original Message----- From: Stephen Farrell
>> [mailto:stephen.farr...@cs.tcd.ie] Sent: Thu
On 02/10/14 17:25, Mike Jones wrote:
> OK - I'll start prefixing my text with "Mike> ".
Many thanks.
S
>
> -Original Message-----
> From: Stephen Farrell [mailto:stephen.farr...@cs.tcd.ie]
> Sent: Thursday, October 02, 2014 8:49 AM
> To: Mike Jones;
Mike,
I cannot tell which is your text and which not.
Can you please use a better quoting style? These docs are
going to be a total PITA to handle otherwise.
Thanks,
S.
On 02/10/14 16:14, Mike Jones wrote:
> Responding to the DISCUSS below…
>
>
>
> -Original Message-
> From: Alissa
See below. I think (not quite sure) that this is better
discussed on the kitten list.
Ta,
S.
Original Message
Subject: [kitten] [IANA #731918] SASL mechanism not listed
Date: Mon, 24 Mar 2014 19:33:06 +
From: Stephen Farrell
To: kit...@ietf.org
CC: iana-questi
Hiya,
This draft has a couple of minor changes needed as a result
of IESG review (see [1]) but one question came up that I
wanted to bring back to the WG to see what you think. Any
good answer should be fine btw, this isn't a case of the
insisting on stuff.
The question is whether the WG think t
the list, and in case of IETF,
> it should do so.
>
> One feedback on the experience we had at OIDF is that XML Editing tools
> changes all sort of formatting making the diff at bitbucket useless. So, we
> had to resort to emacs/vim/ etc.
>
> my 2c.
>
> Nat Sakim
Hiya,
On 05/13/2013 09:04 AM, Hannes Tschofenig wrote:
> Hi all,
> the OpenID Connect had gained some experience with using version control
> systems
> for editing specifications (and the use of issue trackers), see
> http://openid.bitbucket.org/. Based on a recent discussion in the IETF (amon
13 09:09 PM, Torsten Lodderstedt wrote:
> Hi Stephen,
>
> I just posted a new revision of the draft
> (http://tools.ietf.org/html/draft-ietf-oauth-revocation-07). I tried to
> address all the issues you raised (see below).
>
> Am 09.04.2013 19:27, schrieb Stephen Farrell:
>> Hi
Hiya,
On 04/12/2013 10:03 PM, Justin Richer wrote:
> Hi Stephen,
>
> I didn't respond as I didn't have anything to add to your comments, but
> what little details I have are inline.
Thanks:-)
> On 04/12/2013 04:53 PM, Stephen Farrell wrote:
>> Hi,
>&
Hi,
I'm surprised there've been no responses. I thought
there was more interest in this one.
Ta,
S.
On 04/09/2013 06:27 PM, Stephen Farrell wrote:
>
> Hi,
>
> I've done my AD review of this draft. I have two quick questions
> I'd like to get answered befor
Hi,
I've done my AD review of this draft. I have two quick questions
I'd like to get answered before I start IETF LC. Depending on the
answers maybe we should re-spin or just fire ahead, let's see...
(1) 2.1: "upon the return of the request" isn't right is it? I
think you mean the response at l
Group Summary:
>
> The document experienced no particular problems in the working group.
>
> Document Quality:
>
> The document has been deployed by four companies, namely by Salesforce,
> Google, Deutsche Telekom, and MITRE.
> The working group reviewed and discus
This looks right to me (and I'm in a boring meeting processing
errata:-) so I'm gonna mark it as verified. Please let me know
if that's wrong.
S
On 02/26/2013 05:07 PM, RFC Errata System wrote:
> The following errata report has been submitted for RFC6749,
> "The OAuth 2.0 Authorization Framework
ohn B.
>
> On 2013-02-19, at 4:22 AM, SM wrote:
>
>> Hi John,
>> At 12:54 18-02-2013, John Bradley wrote:
>>> That is where we get into the area Stephen Farrell has been raising about
>>> MTI not being required to deploy.
>>
>> The topic of man
Hi Barry,
I agree with you generally, but just on one point...
On 02/18/2013 05:38 AM, Barry Leiba wrote:
> That's why I say that as I see it, it's not an issue of MTI.
I do think there is an issue related to MTI that's affecting
the discussion. Clearing up that issue won't by itself solve
th
In some off-list mail between Mike and I, he said:
>> Was TCP a bad idea because it didn't have MTI port numbers? Would
>> it have improved TCP to add an MTI port or two?
To which I responded:
> Ports are MTI for TCP. [1] They are 16 bit values
> with a well-defined test for equality and a lit
sion.
Email discussion on this list is where this should mostly happen
I think now that the draft is back with the WG.
Cheers,
S.
> Cheers,
> -- Mike
>
> P.S. RFC 768 is amazingly short! Have a look at it again, if you haven't
Hi all,
The OAuth assertion document has received DISCUSSes as you can
see from the data tracker at [1]. I've been chatting with
the chairs and the ADs with those DISCUSSes in the last few
days.
The main concern is that these documents do not sufficiently
specify the functionality that is neede
Hi Hannes,
On 01/19/2013 04:19 PM, Hannes Tschofenig wrote:
>
> Thanks for the feedback. I see that a couple of you have decided to go with
> option 2.
Yep, looks like it. I've moved this back to Feb 7 so the
discussion doesn't need to be rushed.
S.
__
Hiya,
So I'll take the lack of further discussion about this an meaning
that the wg want this to shoot ahead. I'll put this in as an RFC
editor note for the draft.
Cheers,
S.
On 01/18/2013 12:04 PM, Tschofenig, Hannes (NSN - FI/Espoo) wrote:
> Hi all,
>
> As you have seen on the list (see
> h
Hi,
Since we thought we were done with it, I put this document
on the IESG telechat agenda for Jan 24. Hannes' question
however looks like its a real one that needs an answer.
I'd appreciate it if the WG could figure out if there's any
change needed and either make that change in the next week,
On 01/09/2013 11:02 PM, Derek Atkins wrote:
> Barry Leiba writes:
>
>>> Corrected Text
>>> --
>>> Resource owners cannot revoke access to an individual third party without
>>> revoking access
>>> to all third parties, and must do so by changing their password.
>>>
>>> Notes
>>> ---
Hi Hannes, all,
Sorry to have been slow with the AD review here. I've only
a few comments (below) that can be handled as IETF LC
comments. Any changes as a result of the recent thread on
the definition of Issuer can also be done then.
Unless someone tells me to hold off for a new version, I'll
r
Thanks,
Since this is on the Aug 30 telechat let's not have any further changes
without a chair/AD asking.
Ta,
S
On 16 Aug 2012, at 18:19, Torsten Lodderstedt wrote:
> Hi all,
>
> the new revision covers token substitution, which has been added to the core
> spec lately. Additionally, it d
On 08/09/2012 07:26 PM, John Bradley wrote:
> In Vancouver the question was asked about the future of the MAC spec due to
> it no linger having a editor.
>
> The Chair and AD indicated a desire to have a document on the use-cases we
> are trying to address before deciding on progressing MAC or
Hunt wrote:
> Stephen
>
> One more threat has come up in the core spec that is being looked at. As
> Torsten is heading out on vacation I have agreed to augment if needed with
> any supplementary text to the threat model.
>
> Will keep you informed.
>
> Phil
>
&g
Hiya,
On 07/23/2012 08:56 AM, Julian Reschke wrote:
> On 2012-07-23 00:33, Stephen Farrell wrote:
>>
>> Hi all,
>>
>> I'd like to check that some recent minor changes to this
>> document [1] don't cause technical or process-grief.
>>
>> T
Hi all,
I'd like to check that some recent minor changes to this
document [1] don't cause technical or process-grief.
The version [2] of the oauth bearer draft that underwent
IETF LC and IESG evaluation had a normative dependency
on the httpbis wg's authentication framework. [3]
After resolving
Hi,
This draft was approved on yesterday's IESG telechat.
Before sending it off to the RFC editor would you take
a look at the comments [1] and let me know if there are
any changes worth making.
If they're tiny but worth doing, (which they probably are)
I can put them in as an RFC editor note,
Folks. Please don't develop any new revisions for these
documents right now. I know you can't officially post
'em anyway, but I don't want us to get tempted to roll
new versions handling unrelated comments. (Alexey's
comments are not unrelated.)
I'd like to handle any tweaks needed as RFC editor
Hi Hannes,
That's great thanks. And thanks all for the good work.
Since there've been a good few changes and a bit of time
has elapsed I'll give the other IESG members who previously
commented on these a few days to check if the changes are
ok, and then I can shoot 'em along.
Cheers,
S.
PS: A
orporating
> your review comments.
>
> Please find answers to your comments below.
>
> Thank you again for your detailed review. You helped us to significantly
> improve the document's quality.
>
> best regards,
> Torsten.
>
> Am 28.05.2012 20:34, schrieb
I'll wait until the chairs tell me what you want
but I'm fine with doing the IETF LC on -03 now, or
with waiting if the chairs reckon that's better.
So just let me know.
Cheers,
S.
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listi
On 21 Jun 2012, at 19:29, Barry Leiba wrote:
>>> (1) Why Informational? Everything else at that level seems to
>>> be specified in a standards track or BCP level RFC, and IETF
>>> Consensus is required. [1] I think you have to do this as
>>> standards track. Did I miss something?
>>>
>> Standa
ack. Responses are inline.
>
> On Wed, Jun 20, 2012 at 6:26 AM, Stephen Farrell
> wrote:
>>
>> Hi,
>>
>> Many thanks for a nice short document!
>
> If only they could all be so short right? :)
>
>> I've a few questions though and suspect
On 06/20/2012 05:14 PM, Mike Jones wrote:
> Per your question (5) Stephen, possibly see the registrations in
> http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-12#section-6.
> Authors, maybe using one of these as an example would help?
Thanks Mike, that answers the question. I can't s
Hi,
Many thanks for a nice short document!
I've a few questions though and suspect that a quick re-spin
might be needed, but let's see what the wg think about 'em
first.
(1) Why Informational? Everything else at that level seems to
be specified in a standards track or BCP level RFC, and IETF
Co
Hi Mike,
As you noted this is under way. When I mailed tlr I
asked for two weeks from the 13th, which co-incides
with the end of the IETF LC caused by the IPR
declaration, so it should be fine.
Cheers,
S.
On 06/18/2012 07:08 PM, Mike Jones wrote:
> Hi Stephen,
>
> Pete is holding his DISCUSS o
On 06/15/2012 07:54 PM, Mike Jones wrote:
> Bearer acknowledges Bill de hÓra. Core acknowledges Bill de hOra. Which is
> correct?
Bill may correct me but I believe the former is correct but
can't be represented in ASCII so the latter is what you ought
use.
S
Hi all,
Just to let you know that all discusses on
draft-ietf-oauth-v2 have now cleared. So
that means that when the chairs tell me
you've finished the last few updates needed,
I can shoot this on to the RFC editor (as
long as you don't mess about adding crazy
stuff:-).
Let's get this one out th
Hi all,
Just so's you know, I've requested the additional IETF LC
on the oauth bearer draft.
This is because a reviewer after the previous IETF LC and
after the IESG telechat noticed some IPR and did the right
thing.
I think we're close enough to done that folks can make
their evaluations of wh
Torsten.
>
> Am 28.05.2012 20:34, schrieb Stephen Farrell:
>>
>> Hi all,
>>
>> I've gotten the publication request for oauth-threatmodel
>> so here's my AD review of -05.
>>
>> Its quite a read (and a good one) but I've a bunch of
>>
Hi all,
I've gotten the publication request for oauth-threatmodel
so here's my AD review of -05.
Its quite a read (and a good one) but I've a bunch of
questions. Some of these will need fixing I suspect
but a lot are ok to fix later after IETF LC, depending
on whether the authors want to re-spi
not sufficiently familiar with the current state of
play to include "JSON-based" so I've left that out.
> Typo: Change "a authorization" to "an authorization".
Ta,
S.
>
> -- Mike
>
> -Original Message-
&g
On 05/09/2012 09:31 PM, Michael Thomas wrote:
>>
>
> That's not what I read Eran as asking for:
>
> "So no discussion of this is expected on the list - correct?"
Eran is right about the kinds of discussion I mentioned
as not being for the WG.
This is all business as usual, the rules are in RF
Hi Mike,
On 05/09/2012 08:34 PM, Michael Thomas wrote:
> On 05/09/2012 12:17 PM, Eran Hammer wrote:
>> Whoever you talk to for legal advice about IPR issues related to
>> standards you might implement. My only point is, this group is not
>> qualified to comment on IPR matters.
>
> The IETF gets
us: Active
> Last updated: 2012-05-03
>
> Chairs:
> Hannes Tschofenig
> Derek Atkins
>
> Security Area Directors:
> Stephen Farrell
> Sean Turner
>
> Security Area Advisor:
> Stephen Farrell
>
> Technical Advisor:
> Peter Saint-Andre
>
&
On 04/20/2012 03:40 PM, Michael Thomas wrote:
>
> Why not MUST ASN.1 while you're at it? JSON has won in case
> you'all haven't noticed it.
Well, I also remember when XML won over ASN.1, or
was that some RPC thing? Seems like a new format wins
about every five years or so, once the last winner
Hi all,
A recent news article [1] was brought to my attention this week
that's about a paper [2] which I've just read. While it mostly
deals with implementation and integration flaws, I'm wondering
if there's anything in there that could benefit any of the
oauth drafts. Anyone had a look at that
Hi All,
So Hannes and Derek and I have been discussing this with
the Apps ADs and Apps-area WG chairs. I've also read the
docs now, and after all that we've decided that this topic
(what to do with swd and webfinger) is best handled in the
apps area and not in the oauth WG.
The logic for that is
On 04/12/2012 12:00 PM, Hannes Tschofenig wrote:
> Hi all,
>
> those who had attended the last IETF meeting may have noticed the
ongoing activity in the 'Applications Area Working Group' regarding Web
Finger.
> We had our discussion regarding Simple Web Discovery (SWD) as part of
the re-chart
FYI in case some aren't on i...@ietf.org
Having responses to these before Thursday would be good. Its
often the case that some AD will turn some of these points into
a DISCUSS so good to know what can be cleared up easily and
what might need further discussion before the telechat.
S
O
Hi Mike,
On 03/08/2012 03:31 PM, Mike Jones wrote:
Hi Stephen,
I wanted to verify that, despite this state change, that it's still OK for me
to make the editorial change suggested by the WG to the Bearer spec to change
the b64token example.
Sure. Changes the WG want that don't conflict wit
First, thanks all, but especially editors and chairs, for your
efforts on these. I'll be putting them on an IESG telechat
agenda very shortly.
That'll be for after the Paris meeting though, but only because
we have a monster 700 pages of I-Ds to go through for next week's
telechat due to outgoin
Thanks Eran,
A question...
Is this text in 3.1.2.5 correct?
If third-party
scripts are included, the client MUST NOT ensure that its own scripts
(used to extract and remove the credentials from the URI) will
execute first.
"MUST NOT ensure" is a really odd construct. Maybe s/NOT//
Hi all,
As some of you will have noticed Barry will be taking
over as an IETF applications area director in Paris
which means that he'll no longer be able to help out
as OAuth chair after that.
However, we've been quite lucky in that Derek Atkins
(cc'd) has agreed to help out along with Hannes
vious reference to RFC 2818 was
changed to RFC 6125 in draft 14 at the request of Security Area
Director Stephen Farrell.
I've quickly chatted with Stephen and he said that he only asked the
question and didn't necessarily instructed the WG to do the change from
RFC 2818 to RFC 6125. Keepi
Folks,
The OAuth bearer and base last calls had to be re-done
since I forgot to include some downref information. Other
than adding a day to IETF LC, there should be no other
difference.
Sorry about that.
S
On 01/24/2012 03:00 PM, The IESG wrote:
The IESG has received a request from the Web
On 01/23/2012 05:11 PM, Mike Jones wrote:
FYI, the OAuth Core and Bearer specifications have reached IETF last call
status - the last step before becoming RFCs. See the following notes from the
Internet Engineering Steering Group (IESG).
Not quite the last step. There may be directorate re
As before,
Thanks
S
On 21 Jan 2012, at 02:53, Eran Hammer wrote:
>> -Original Message-
>> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
>> Of Stephen Farrell
>> Sent: Thursday, October 13, 2011 10:13 AM
>
Same response as for part I from me,
S
On 01/21/2012 01:04 AM, Eran Hammer wrote:
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
Of Stephen Farrell
Sent: Thursday, October 13, 2011 10:13 AM
Suggested non-trivial clarifications
ds resolve themselves)
is the way to go.
Thanks,
S.
On 01/20/2012 11:47 PM, Eran Hammer wrote:
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
Of Stephen Farrell
Sent: Thursday, October 13, 2011 10:13 AM
List 1 - Fairly sure these ne
On 12/18/2011 07:00 PM, Barry Leiba wrote:
Closing out this issue:
7.2 Access Token Implementation Considerations
Access token types have to be mutually understood among the
authorization server, the resource server, and the client -- the
access token issues the token, the resource server va
aint-Andre
Sent: Thursday, December 01, 2011 12:59 PM
To: Stephen Farrell
Cc: Barry Leiba; oauth WG
Subject: Re: [OAUTH-WG] TLS version requirements in OAuth 2.0 base
On 12/1/11 1:57 PM, Stephen Farrell wrote:
On 12/01/2011 08:10 PM, Peter Saint-Andre wrote:
On 12/1/11 1:09 PM, Rob Richards wro
Hannes,
I don't see any proposed text here, I see re-chartering
suggestions. The latter is not going to happen if the
current main documents are wedged. Please focus on the
former now.
You know that I disagree with you and a number of WG
participants about this, so no need for me to repeat
myse
1 - 100 of 136 matches
Mail list logo
