Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-22 Thread Phil Hunt
f the Connect use case. >> >> I sent the link to it only so people could compare them, if interested. >> >> -- Mike >> From: John Bradley >> Sent: 3/22/2012 9:43 AM >> To: Phil Hunt >> Cc: Mike Jones; oauth@ietf.org >> Subject: Re: [OAUTH-WG] OA

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-22 Thread Mike Jones
ent: Thursday, March 22, 2012 10:36 AM To: oauth@ietf.org Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering I think it's a matter of politics and semantics: The real question is what do we officially build the IETF version off of? The WG can't officially start with the OIDF document du

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-22 Thread Justin Richer
, if interested. -- Mike From: John Bradley Sent: 3/22/2012 9:43 AM To: Phil Hunt Cc: Mike Jones; oauth@ietf.org Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering It is an OIDF spec at the moment. We don't have any plan to submit it currently. If there is

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-22 Thread Mike Jones
From: John Bradley Sent: 3/22/2012 9:43 AM To: Phil Hunt Cc: Mike Jones; oauth@ietf.org Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering It is an OIDF spec at the moment. We don't have any plan to submit it currently. If there is a WG desire for that to happen the OIDF board would

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-22 Thread Phil Hunt
-- Mike >>> >>> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of >>> George Fletcher >>> Sent: Thursday, March 22, 2012 6:28 AM >>> To: Torsten Lodderstedt >>> Cc: oauth@ietf.org >>>

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-22 Thread John Bradley
; Sent: Thursday, March 22, 2012 6:28 AM >> To: Torsten Lodderstedt >> Cc: oauth@ietf.org >> Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering >> >> Hi Torsten, >> >> I guess I worry that trying to solve all the use cases that get pulled in >> with dynamic

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-22 Thread Eran Hammer
24:37 -0700 To: Mike Jones <michael.jo...@microsoft.com> Cc: "oauth@ietf.org" <oauth@ietf.org> Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering Would the plan be for the Connect Registration spec to be submitted to IETF so they can b

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-22 Thread Phil Hunt
auth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of > George Fletcher > Sent: Thursday, March 22, 2012 6:28 AM > To: Torsten Lodderstedt > Cc: oauth@ietf.org > Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering > > Hi Torsten, > > I guess I worry that trying to so

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-22 Thread Mike Jones
...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of George Fletcher Sent: Thursday, March 22, 2012 6:28 AM To: Torsten Lodderstedt Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering Hi Torsten, I guess I worry that trying to solve all the use cases that get pulled in with dynamic

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-22 Thread George Fletcher
simpler and more useful at this point. EH -Original Message- From:oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Tschofenig, Hannes (NSN - FI/Espoo) Sent: Thursday, March 15, 2012 4:47 AM To: ext Blaine Cook; Hannes Tschofenig Cc:oauth@ietf.org Subject: Re: [OAUT

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-22 Thread John Bradley
for the dynamic client registration. I don't >>>> have strong objections to it, but it is the least important and least >>>> defined / deployed proposal on the list. The AS->RS work is probably >>>> simpler and more useful at this point. >>

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-22 Thread Torsten Lodderstedt
e list. The AS->RS work is probably simpler and more useful at this point. >>>> >>>> EH >>>> >>>>> -Original Message- >>>>> From: oauth-boun...@ietf.org [6] [mailto:oauth-boun...@ietf.org [7]] On Behalf >>>>> Of Tscho

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-22 Thread Torsten Lodderstedt
auth-boun...@ietf.org] On Behalf Of Tschofenig, Hannes (NSN - FI/Espoo) Sent: Thursday, March 15, 2012 4:47 AM To: ext Blaine Cook; Hannes Tschofenig Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering Hi Blaine, These are indeed good requirements you stated below. When you look at t

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-21 Thread George Fletcher
tf.org Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering Hi Blaine, These are indeed good requirements you stated below. When you look at the list of topics do you think that the proposed items indeed fulfill them? Ciao Hannes -Original Message- From: oauth-boun...@ietf.org [mailto:oaut

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-21 Thread Eran Hammer
> Sent: Wednesday, March 21, 2012 12:53 PM > To: Torsten Lodderstedt > Cc: Eran Hammer; oauth@ietf.org > Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering > > I don't think dynamic registration completely removes the need for a public > client, that can't keep secrets

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-21 Thread John Bradley
>> useful at this point. >> >> EH >> >>> -Original Message- >>> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf >>> Of Tschofenig, Hannes (NSN - FI/Espoo) >>> Sent: Thursday, March 15, 2012 4:47 AM

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-21 Thread Torsten Lodderstedt
Hi Hannes, +1 You have compiled a list of meaningful and feasible objectives. regards, Torsten. Am 14.03.2012 21:21, schrieb Hannes Tschofenig: So, here is a proposal: --- Web Authorization Protocol (oauth) Description of Working Group The Web Authorization (OAuth) protocol allows a u

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-21 Thread Torsten Lodderstedt
March 15, 2012 4:47 AM To: ext Blaine Cook; Hannes Tschofenig Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering Hi Blaine, These are indeed good requirements you stated below. When you look at the list of topics do you think that the proposed items indeed fulfill them? Cia

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-21 Thread Torsten Lodderstedt
Hi Paul, for me, your proposal looks like the natural counterpart of JWT, as it standardizes the way to implement handle-based token designs (in contrast to self-contained tokens). therefore +1 from my side. regards, Torsten. Am 15.03.2012 11:35, schrieb Paul Madsen: +1 to defining RS-AS in

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-19 Thread John Bradley
JWT and SWD are the highest priority to find a home. We are doing token introspection and dynamic registration. Those are larger tasks to generalize, though probably worthwhile. John B. On 2012-03-19, at 2:30 PM, Phil Hunt wrote: > I would support those features of connect that are more gener

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-19 Thread Phil Hunt
I would support those features of connect that are more general being part of the general spec family under the WG. Phil On 2012-03-19, at 9:31, John Bradley wrote: > There is no intention to bring the OpenID Connect work to the OAuth WG. > It, like many other protocols, relies on OAuth 2.0 but

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-19 Thread John Bradley
There is no intention to bring the OpenID Connect work to the OAuth WG. It, like many other protocols, relies on OAuth 2.0 but is not part of it. However, if there are some things that we are doing as OAuth 2.0 extensions that are more general and can be standardized in the IETF, we should understand

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-19 Thread Blaine Cook
On 15 March 2012 17:31, Zeltsan, Zachary (Zachary) wrote: > ...  Considering OpenID Connect as a motivating use case for OAuth, SWD is > the one spec that would then be missing for this OAuth use case. I worry that bringing OpenID Connect into OAuth (rather than building upon OAuth) will have det

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-15 Thread Zeltsan, Zachary (Zachary)
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Mike Jones Sent: Wednesday, March 14, 2012 4:55 PM To: Hannes Tschofenig; oauth@ietf.org WG Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering ... Considering OpenID Connect as a motivating use case for OAuth, SWD is the one

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-15 Thread Eran Hammer
> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Tschofenig, Hannes (NSN - FI/Espoo) > Sent: Thursday, March 15, 2012 4:47 AM > To: ext Blaine Cook; Hannes Tschofenig > Cc: oauth@ietf.org > Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering > > Hi

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-15 Thread Paul Madsen
. >>> >>> Could you submit the document as Internet Draft when the submission gates >>> open again? >>> The I-D submission tool will be reopened at 00h UTC, 2012-03-26. >>> >>> From the current list of items what do you consider less important?

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-15 Thread Richer, Justin P.
the current list of items what do you consider less important? Ciao Hannes From: oauth-boun...@ietf.org<mailto:oauth-boun...@ietf.org> [mailto:oauth-boun...@ietf.org] On Behalf Of ext Paul Madsen Sent: Thursday, March 15, 2012 12:35 PM To: Richer, Justin P. Cc: oauth@ietf.org<mailto:oau

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-15 Thread Paul Madsen
t of items what do you consider less important? Ciao Hannes *From:*oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] *On Behalf Of *ext Paul Madsen *Sent:* Thursday, March 15, 2012 12:35 PM *To:* Richer, Justin P. *Cc:* oauth@ietf.org WG *Subject:* Re: [OAUTH-WG] OAuth WG Re-Chartering +1

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-15 Thread Tschofenig, Hannes (NSN - FI/Espoo)
xt Blaine Cook > Sent: Thursday, March 15, 2012 1:31 PM > To: Hannes Tschofenig > Cc: oauth@ietf.org WG > Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering > > On 14 March 2012 20:21, Hannes Tschofenig > wrote: > > So, here is a proposal: > > > > [Editor

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-15 Thread Blaine Cook
On 14 March 2012 20:21, Hannes Tschofenig wrote: > So, here is a proposal: > > [Editor's Note: New work for the group. 5 items maximum! ] > > Aug. 2012    Submit 'Token Revocation' to the IESG for consideration as a > Proposed Standard > Nov. 2012    Submit 'JSON Web Token (JWT)' to the IESG for

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-15 Thread John Bradley
In Connect it is mostly the client that introspects the token, though we do use JWT to keep things stateless. As we move to more complex environments where clients are getting multiple tokens from an AS for RS and those RS are decoupled from the AS, we need to talk about JWT and introspection.

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-15 Thread Tschofenig, Hannes (NSN - FI/Espoo)
der less important? Ciao Hannes From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of ext Paul Madsen Sent: Thursday, March 15, 2012 12:35 PM To: Richer, Justin P. Cc: oauth@ietf.org WG Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering +1 to defining RS-AS interactions. We

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-15 Thread Paul Madsen
To Eran's point about the relevance of RS-AS standardization in internal vs external deployments, many of our customers are using our AS to issue tokens to their API clients, but an API management solution (from different vendor) to front their APIs. The API management soln becomes the RS and

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-15 Thread John Bradley
+1 to RS-AS OpenID Connect takes a slightly different approach to Paul's. The fact that people are reinventing the same wheel, indicates it has standardization potential. John B. On 2012-03-15, at 6:35 AM, Paul Madsen wrote: > +1 to defining RS-AS interactions. We've implemented such a 'toke

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-15 Thread Paul Madsen
+1 to defining RS-AS interactions. We've implemented such a 'token introspection' endpoint in our AS and I'd be happy to no longer need to explain to customers/partners why it's not part of the standard. As input, an (incomplete) spec for our endpoint enclosed. (we modeled the verification as

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-15 Thread Tschofenig, Hannes (NSN - FI/Espoo)
PM To: Hannes Tschofenig; oauth@ietf.org WG Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering This is missing Simple Web Discovery, which there was substantial support for including during the rechartering discussion in Taipei. Considering OpenID Connect as a motivating use case for OAuth, SWD i

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-15 Thread Tschofenig, Hannes (NSN - FI/Espoo)
nd as important as the draft you mention below? Ciao Hannes From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of ext Nat Sakimura Sent: Thursday, March 15, 2012 10:47 AM To: Anthony Nadalin Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering Looks good

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-15 Thread Nat Sakimura
wrote: > Agree contents looks good > > Sent from my Windows Phone > -- > From: Igor Faynberg > Sent: 3/14/2012 4:26 PM > To: oauth@ietf.org > > Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering > > Looks good and comprehensive to me.

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-14 Thread Eran Hammer
> -Original Message- > From: Richer, Justin P. [mailto:jric...@mitre.org] > Sent: Wednesday, March 14, 2012 7:51 PM > [...] the AS-PR connection is a real and present known > gap introduced in OAuth2 (since OAuth1 didn't even think of them as > separate entities) and *somebody* should be

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-14 Thread Richer, Justin P.
rg [mailto:oauth-boun...@ietf.org] On Behalf >> Of Richer, Justin P. >> Sent: Wednesday, March 14, 2012 2:54 PM >> To: Hannes Tschofenig >> Cc: oauth@ietf.org WG >> Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering >> >> Methods of connecting the PR to the AS are

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-14 Thread Anthony Nadalin
Agree contents looks good Sent from my Windows Phone From: Igor Faynberg Sent: 3/14/2012 4:26 PM To: oauth@ietf.org Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering Looks good and comprehensive to me. Igor On 3/14/2012 4:21 PM, Hannes Tschofenig wrote: > So, h

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-14 Thread Eran Hammer
age- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Richer, Justin P. > Sent: Wednesday, March 14, 2012 2:54 PM > To: Hannes Tschofenig > Cc: oauth@ietf.org WG > Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering > > Methods of connecting the PR t

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-14 Thread Richer, Justin P.
Methods of connecting the PR to the AS are something that several groups have invented outside of the OAuth WG, and I think we should try to pull some of this work together. OAuth2 gives us a logical separation of the concerns but not a way to knit them back together. Proposals for inclusion i

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-14 Thread Eran Hammer
ike Jones Sent: Wednesday, March 14, 2012 1:55 PM To: Hannes Tschofenig; oauth@ietf.org WG Subject: Re: [OAUTH-WG] OAuth WG Re-Chartering This is missing Simple Web Discovery, which there was substantial support for including during the rechartering discussion in Taipei. Considering OpenID Co

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-14 Thread Mike Jones
list. Thanks, -- Mike From: Hannes Tschofenig Sent: 3/14/2012 1:21 PM To: oauth@ietf.org WG Subject: [OAUTH-WG] OAuth WG Re-Chartering So, here is a proposal: --- Web Authorization Protocol (oauth) Description of Working Group The Web Authorization (OAuth

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-14 Thread Eran Hammer
> To: oauth@ietf.org WG > Subject: [OAUTH-WG] OAuth WG Re-Chartering > > So, here is a proposal: > > --- > > Web Authorization Protocol (oauth) > > Description of Working Group > > The Web Authorization (OAuth) protocol allows a user to grant > a third

Re: [OAUTH-WG] OAuth WG Re-Chartering

2012-03-14 Thread Igor Faynberg
Looks good and comprehensive to me. Igor On 3/14/2012 4:21 PM, Hannes Tschofenig wrote: So, here is a proposal: --- Web Authorization Protocol (oauth) Description of Working Group The Web Authorization (OAuth) protocol allows a user to grant a third-party Web site or application access

[OAUTH-WG] OAuth WG Re-Chartering

2012-03-14 Thread Hannes Tschofenig
So, here is a proposal: --- Web Authorization Protocol (oauth) Description of Working Group The Web Authorization (OAuth) protocol allows a user to grant a third-party Web site or application access to the user's protected resources, without necessarily revealing their long-term credentials