Hannes
I would like to propose a brief presentation on "events". While this might not
end up being oauth wg activity, I think a lot of attendees may be interested.
We might make this one of those if we have time topics.
Phil
> On Jan 15, 2016, at 12:15, Hannes Tschofenig
> wrote:
>
> Hi B
Hi Barry,
as discussed today I am forwarding you the new charter text for the
OAuth working group.
In parallel to the IESG processing this re-chartering request we will
run a call for adoption to also update the milestone list at the same time.
Ciao
Hannes & Derek
--
Ch
Hi Stephen, Hi IESG secretary,
Derek and myself would like to submit the updated OAuth charter to the IESG.
Please find it below.
Ciao
Hannes
--
Web Authorization Protocol (oauth)
Description of Working Group
The Web Authorization (OAuth) protocol allows a user to grant
a third-party W
t; Cc: OAuth WG; Dan Taflin
> Subject: Re: [OAUTH-WG] Rechartering
>
> That's a whole different issue as this is about talking to a single server
> retuning two tokens with different scopes.
>
> EHL
>
>
> From: Dick Hardt [dic
>>> parameters only. Alternatively, the JSON request style could be adopted as
>>> part of OAuth. Then, the URI request parameters could be omitted.
>>>
>>> regards,
>>> Torsten.
>>> Gesendet mit BlackBerry® Webmail von Teleko
Sakimura; OAuth WG
*Subject: *Re: [OAUTH-WG] Rechartering JSON based request.
Hopefully to make it more compatible with existing OAuth 2 libraries.
At least leave open the possibility of dealing with it at a higher
level.
The argument has been made that you probably need to modify the
; Dan Taflin
Subject: Re: [OAUTH-WG] Rechartering
That's a whole different issue as this is about talking to a single server
retuning two tokens with different scopes.
EHL
From: Dick Hardt [dick.ha...@gmail.com]
Sent: Saturday, October 29, 2011 12:07
th WG
Subject: Re: [OAUTH-WG] Rechartering
What if the access tokens come from different authoritative servers?
On Oct 26, 2011, at 9:15 AM, Eran Hammer-Lahav wrote:
> Why not just ask for one access token with all the scopes you need, then
> refresh it by asking for the different subse
go with the more secure MAC token in all cases, but it's probably
> worth noting how to do this.
>
> -bill
> From: Dick Hardt
> To: Eran Hammer-Lahav
> Cc: OAuth WG ; Dan Taflin
> Sent: Saturday, October 29, 2011 12:07 AM
> Subject: Re: [OAUTH-WG] Rechartering
&g
Cc: OAuth WG ; Dan Taflin
Sent: Saturday, October 29, 2011 12:07 AM
Subject: Re: [OAUTH-WG] Rechartering
What if the access tokens come from different authoritative servers?
On Oct 26, 2011, at 9:15 AM, Eran Hammer-Lahav wrote:
> Why not just ask for one access token with all the scopes you n
-Original Message-
>> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
>> Of Dan Taflin
>> Sent: Tuesday, October 25, 2011 3:37 PM
>> To: OAuth WG
>> Subject: Re: [OAUTH-WG] Rechartering
>>
>> I would like to second Torsten'
27 Oct 2011 13:52:31 -0300
> *To: *Torsten Lodderstedt
> *Cc: *Nat Sakimura ; OAuth WG
>
> *Subject: *Re: [OAUTH-WG] Rechartering JSON based request.
>
> Hopefully to make it more compatible with existing OAuth 2 libraries.
> At least leave open the possibility of dealing with it
-0300
*To: *Torsten Lodderstedt
*Cc: *Nat Sakimura; OAuth WG
*Subject: *Re: [OAUTH-WG] Rechartering JSON based request.
Hopefully to make it more compatible with existing OAuth 2 libraries.
At least leave open the possibility of dealing with it at a higher
level.
The argument has been made
th-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of
> Phil Hunt
> Sent: Thursday, October 27, 2011 10:49 AM
> To: tors...@lodderstedt.net
> Cc: OAuth WG
> Subject: Re: [OAUTH-WG] Rechartering JSON based request.
>
> John,
>
> What is the reason behind havin
] On Behalf Of Phil
Hunt
Sent: Thursday, October 27, 2011 10:49 AM
To: tors...@lodderstedt.net
Cc: OAuth WG
Subject: Re: [OAUTH-WG] Rechartering JSON based request.
John,
What is the reason behind having a separate ID_Token from the access Token? I
understand the tokens are used to retrieve d
omitted.
>
> regards,
> Torsten.
> Gesendet mit BlackBerry® Webmail von Telekom Deutschland
>
> From: John Bradley
> Date: Thu, 27 Oct 2011 13:52:31 -0300
> To: Torsten Lodderstedt
> Cc: Nat Sakimura; OAuth WG
> Subject: Re: [OAUTH-WG] Rechartering JSON based request.
>
-WG] Rechartering JSON based request.
Hopefully to make it more compatible with existing OAuth 2 libraries.At
least leave open the possibility of dealing with it at a higher level.
The argument has been made that you probably need to modify the library anyway
to check that the duplicate
Hopefully to make it more compatible with existing OAuth 2 libraries.At
least leave open the possibility of dealing with it at a higher level.
The argument has been made that you probably need to modify the library anyway
to check that the duplicate parameters are a match.
If there is conse
Many thanks for pointing this! It is *absolutely* (not "probably")
worth studying.
Igor
On 10/26/2011 6:31 PM, John Bradley wrote:
Nat and I just refreshed the I-D for draft-sakimura-oauth-requrl.
It is essentially a standardization of the method we are using in
openID Connect to make sign
On 10/26/2011 6:31 PM, John Bradley wrote:
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
why is it neccessary to duplicate the OAuth request parameters?
Am 27.10.2011 00:31, schrieb John Bradley:
Nat and I just refreshed the I-D for draft-sakimura-oauth-requrl.
It is essentially a standardization of the method we are using in
openID Connect to make signed requests to the Authoriz
ed, then
> refresh it by asking for the different subsets you want.
>
> EHL
>
>> -Original Message-
>> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
>> Of Dan Taflin
>> Sent: Tuesday, October 25, 2011 3:37 PM
>> To: OAuth WG
>
Nat and I just refreshed the I-D for draft-sakimura-oauth-requrl.
It is essentially a standardization of the method we are using in openID
Connect to make signed requests to the Authorization server.
We do have the issue that parameters in the signed/encrypted request
necessarily duplicate the
HI Torsten,
I and John just refreshed the I-D to be more in-line with what we do with
OpenID Connect.
http://tools.ietf.org/html/draft-sakimura-oauth-requrl-01
As you point out, this would solve the duplication / non-standard behavior
that OpenID Connect requires.
Cheers,
Nat
On Thu, Oct 27,
Dan
-Original Message-
From: Torsten Lodderstedt [mailto:tors...@lodderstedt.net
<mailto:tors...@lodderstedt.net>]
Sent: Thursday, October 20, 2011 3:57 PM
To: Hannes Tschofenig
Cc: OAuth WG
Subject: Re: [OAUTH-WG] Rechartering
Hi all,
my prioritiza
Hi Nat,
I think your proposal would be a useful OAuth enhancement. A JSON-based
request format would allow for more complex requests (e.g. carrying
resource server URLs and corresponding scope values ;-)).
Please note: I also think the way this mechanism is introduced and used
in the current
2011 3:37 PM
> To: OAuth WG
> Subject: Re: [OAUTH-WG] Rechartering
>
> I would like to second Torsten's pitch for the ability to return multiple
> access
> tokens with a single authorization process. The use case for my company is to
> segment operations into two main cate
relaxed somewhat.
>
> ** **
>
> Dan
>
> ** **
>
> *From:* Dave Rochwerger [mailto:da...@quizlet.com]
> *Sent:* Tuesday, October 25, 2011 4:08 PM
> *To:* Dan Taflin
>
> *Cc:* OAuth WG
> *Subject:* Re: [OAUTH-WG] Rechartering
>
> ** **
>
> Is sepa
earer token implementations. I
would like to see this relaxed somewhat.
Dan
From: Dave Rochwerger [mailto:da...@quizlet.com]
Sent: Tuesday, October 25, 2011 4:08 PM
To: Dan Taflin
Cc: OAuth WG
Subject: Re: [OAUTH-WG] Rechartering
Is separating this out into 2 different tokens, really the best wa
but there is no
> way to obtain a new token with a completely different scope without doing
> the full oauth dance a second time.
>
> Dan
>
> -Original Message-
> From: Torsten Lodderstedt [mailto:tors...@lodderstedt.net]
> Sent: Thursday, October 20, 2011 3:57 PM
&g
Original Message-
From: Torsten Lodderstedt [mailto:tors...@lodderstedt.net]
Sent: Thursday, October 20, 2011 3:57 PM
To: Hannes Tschofenig
Cc: OAuth WG
Subject: Re: [OAUTH-WG] Rechartering
Hi all,
my prioritization is driven by the goal to make OAuth the
authorization framework of ch
Hi Torsten et al.,
Prioritizing new work items based on an overarching goal seems like a good
idea. If Torsten's goal of making OAuth "the authorization framework of choice
for any internet protocol" is more widely shared, it gives a useful basis for
assessing the proposals consistently. I thin
Hi.
Just a clarification:
Although my expired draft is 'request by reference', what was proposed
through it at the iiw really is a generalized JSON based claim request
capability. It could be passed by value as JSON or could be passed by
reference. The later is an optimization for bandwidth const
Hi all,
my prioritization is driven by the goal to make OAuth the
authorization framework of choice for any internet standard protocol,
such as WebDAV, IMAP, SMTP or SIP. So let me first explain what is
missing from my point of view and explain some thoughts how to fill
the gaps.
A stan
I agree.
To this end, are we going to have a rechartering discussion? I would
very much support that. We have a number of things waiting, discovery
being one of them.
Igor
On 10/20/2011 1:18 PM, Hannes Tschofenig wrote:
the past that the JSON signature& encryption work would go into JOES
Message-
>> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
>> Of Mike Jones
>> Sent: Thursday, October 20, 2011 12:12 PM
>> To: Hannes Tschofenig; OAuth WG
>> Subject: Re: [OAUTH-WG] Rechartering
>>
>> Thanks, Hannes. Here's m
PM
> To: Eran Hammer-Lahav; Hannes Tschofenig; OAuth WG
> Subject: RE: [OAUTH-WG] Rechartering
>
> Because it's intended for (and used for) discovery of OAuth endpoints...
>
> -Original Message-
> From: Eran Hammer-Lahav [mailto:e...@hueniverse.com]
> Sent: Thu
Because it's intended for (and used for) discovery of OAuth endpoints...
-Original Message-
From: Eran Hammer-Lahav [mailto:e...@hueniverse.com]
Sent: Thursday, October 20, 2011 12:42 PM
To: Mike Jones; Hannes Tschofenig; OAuth WG
Subject: RE: [OAUTH-WG] Rechartering
What pos
nnes Tschofenig; OAuth WG
> Subject: Re: [OAUTH-WG] Rechartering
>
> Thanks, Hannes. Here's my prioritized list of new work:
>
> 1. JSON Web Token (JWT)
> 2. Simple Web Discovery (SWD)
> 3. JSON Web Token (JWT) Bearer Token Profile
> 4. Token Revocation
>
ID Connect to discover OAuth
authorization and resource server endpoints.
-- Mike
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of
Hannes Tschofenig
Sent: Wednesday, October 19, 2011 10:09 PM
To: OAuth WG
Subject:
t; Sent: Thursday, October 20, 2011 9:31 AM
> To: Barry Leiba; OAuth WG
> Subject: Re: [OAUTH-WG] Rechartering
>
> I think it will be true that the whole working group won't be focusing on all
> documents at the same time, much in the same way that different subsets of
> ou
t; Cc: OAuth WG; Barry Leiba
> Subject: Re: [OAUTH-WG] Rechartering
>
> Certainly not everyone needs to pay attention to everything. We are,
> however, trying to determine whether there is a critical mass of interested
> persons for a given item in terms of reviews, document authors,
&
up we can handle many of these smaller items.
>
> -- Justin
>
> From: oauth-boun...@ietf.org [oauth-boun...@ietf.org] on behalf of Barry
> Leiba [barryle...@computer.org]
> Sent: Thursday, October 20, 2011 12:05 PM
> To: OAuth WG
> Subject: Re: [OAUTH-WG] Recharterin
arry Leiba
[barryle...@computer.org]
Sent: Thursday, October 20, 2011 12:05 PM
To: OAuth WG
Subject: Re: [OAUTH-WG] Rechartering
> do we have the band width to work on all these items, as some are
> big and some are fairly small and contained. May have to have some
> prioritized list of where
> do we have the band width to work on all these items, as some are
> big and some are fairly small and contained. May have to have some
> prioritized list of where people think these fit.
Yes, exactly. And one of the things we'd like to hear from all of you
is what your priorities are... how you
these fit.
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of
Hannes Tschofenig
Sent: Wednesday, October 19, 2011 10:09 PM
To: OAuth WG
Subject: [OAUTH-WG] Rechartering
Hi all,
in preparation of the upcoming IETF meeting Barry and I would like to
latest version includes a JSON flavor which makes
this work redundant.
EHL
> -Original Message-
> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
> Of Hannes Tschofenig
> Sent: Wednesday, October 19, 2011 10:09 PM
> To: OAuth WG
> Subject: [O
Hi all,
in preparation of the upcoming IETF meeting Barry and I would like to start a
re-chartering discussion. We both are currently attending the Internet
Identity Workshop and so we had the chance to solicit input from the
participants. This should serve as a discussion starter.
Potentia
Hi Torsten
Yes, I can contribute. Will email you directly to follow up
Regards
Mark McGloin
Torsten Lodderstedt
14/09/2010 17:01
I plan to work on that aspect. Do you (or someone else) want to contribute?
regards,
Torsten.
Am 14.09.2010 um 17:18 schrieb Mark Mcgloin :
> What about Secur
On 9/13/10 8:24 PM, Thomas Hardjono wrote:
> Hannes,
>
> I strongly believe that SAML support in Outh2.0 and "SAML-interoperability"
> is crucial in getting Oauth accepted and deployed in high-assurance
> (high-value) environments (eg. government, financials).
+1.
> As such, if its ok with Bria
Dynamic authz server discovery and client registration would be needed in
OAuth-based identity management. But I would submit that they're needed even
apart from it (since I've got that need), and so should be specified modularly,
with the identity management piece pointing to it (if it wants t
I plan to work on that aspect. Do you (or someone else) want to contribute?
regards,
Torsten.
Am 14.09.2010 um 17:18 schrieb Mark Mcgloin :
> What about Security Considerations. I know some individuals have worked on
> it in the past - does it need a WG to complete
>
>
> Mark McGloin
>
> Han
What about Security Considerations. I know some individuals have worked on
it in the past - does it need a WG to complete
Mark McGloin
Hannes Tschofenig
Sent by: oauth-boun...@ietf.org
12/09/2010 00:59
Hi all,
at the Washington Internet Identity Workshop we had the chance to chat
about OAu
> Third, I think the implementers guide is absolutely essential.
> (Interestingly enough, the discussion of white spaces vs. commas in
> yesterday's thread has effectively started this work.) In my opinion,
> this item must be carried in parallel with others. I wonder if this
> should be tied
Hannes,
Many thanks for putting this together.
First, I strongly believe that the work that had already been identified
important and had started needs to be finished, and to this end I
consider the item that Torsten had brought forth, on *token revocation*,
to be of the highest priority. We
___
>
>> -Original Message-
>> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
>> Of Hannes Tschofenig
>> Sent: Saturday, September 11, 2010 8:00 PM
>> To: oauth@ietf.org
>> Subject: [OAUTH-WG] Rechartering
>>
>
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
> Of Hannes Tschofenig
> Sent: Saturday, September 11, 2010 8:00 PM
> To: oauth@ietf.org
> Subject: [OAUTH-WG] Rechartering
>
> Hi all,
>
> at the Washington Internet Identity Workshop we had the
Hi!
2010/9/12 David Recordon
> I'd like to see us finish Core before considering re-chartering. :)
>
> But to your original question. I'm interested in the UX extension (said I'd
> edit), device flow (said I'd edit), and the OpenID Connect work which
> encompasses dynamic registration and likely
Hannes,
what about discovery?
"Recommendations of commonly used Scope values" sounds to weak from my
point of view. I would rather suggest to work towards a clear definition
of scope syntax and semantics, including resource server identification.
Please note, I submitted a I-D on token revo
I'd like to see us finish Core before considering re-chartering. :)
But to your original question. I'm interested in the UX extension (said I'd
edit), device flow (said I'd edit), and the OpenID Connect work which
encompasses dynamic registration and likely artifact binding (also editing
but outsi
I forgot an item already, namely 'identity management using OAuth' in
the style of OpenID Connect.
At IIW we also had a chat about an implementers guide and
interoperability tests. The idea of the implementers guide is create a
living document that captures implementation experience with diffe
Hi all,
at the Washington Internet Identity Workshop we had the chance to chat
about OAuth. Given the progress on the main specification we should
discuss WG re-chartering.
The following items had been proposed at the meeting:
* Messaging Signing
Example: http://www.ietf.org/mail-archive/web
62 matches
Mail list logo
