Re: [OAUTH-WG] Removal: 'OAuth2' HTTP Authentication Scheme

normal for the domain. -bill > -Original Message- > From: Marius Scurtescu [mailto:mscurte...@google.com] > Sent: Wednesday, January 19, 2011 9:59 AM > To: William Mills > Cc: Eran Hammer-Lahav; OAuth WG > Subject: Re: [OAUTH-WG] Removal: 'OAuth2' HTTP Authentica

Re: [OAUTH-WG] Removal: 'OAuth2' HTTP Authentication Scheme

On Wed, Jan 19, 2011 at 9:50 AM, William Mills wrote: > Yes it’s old, 1 week form expiring too.  The specs seem to be stabilizing > now so it’s worth updating.   Has there been any other discovery proposal > yet? Nothing concrete AFAIK, but for SASL we also discussed using host-meta style discove

Re: [OAUTH-WG] Removal: 'OAuth2' HTTP Authentication Scheme

discovery is pretty clean using WWW-Authenticate. From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Eran Hammer-Lahav Sent: Friday, January 14, 2011 10:32 PM To: OAuth WG Subject: [OAUTH-WG] Removal: 'OAuth2' HTTP Authentication Scheme One of the main pr

Re: [OAUTH-WG] Removal: 'OAuth2' HTTP Authentication Scheme

From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Eran Hammer-Lahav Sent: Friday, January 14, 2011 10:32 PM To: OAuth WG Subject: [OAUTH-WG] Removal: 'OAuth2' HTTP Authentication Scheme One of the main problems with OAuth in general has always been the unsanitary m

Re: [OAUTH-WG] Removal: 'OAuth2' HTTP Authentication Scheme

oun...@ietf.org] On Behalf Of Eran Hammer-Lahav Sent: Friday, January 14, 2011 10:32 PM To: OAuth WG Subject: [OAUTH-WG] Removal: 'OAuth2' HTTP Authentication Scheme One of the main problems with OAuth in general has always been the unsanitary mix of authorization and authenticatio

Re: [OAUTH-WG] Removal: 'OAuth2' HTTP Authentication Scheme

h-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Eran Hammer-Lahav Sent: Friday, January 14, 2011 10:32 PM To: OAuth WG Subject: [OAUTH-WG] Removal: 'OAuth2' HTTP Authentication Scheme One of the main problems with OAuth in general has always been the unsanitary mix

Re: [OAUTH-WG] Removal: 'OAuth2' HTTP Authentication Scheme

sing WWW-Authenticate. From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Eran Hammer-Lahav Sent: Friday, January 14, 2011 10:32 PM To: OAuth WG Subject: [OAUTH-WG] Removal: 'OAuth2' HTTP Authentication Scheme One of the main problems with OAuth in general has al

Re: [OAUTH-WG] Removal: 'OAuth2' HTTP Authentication Scheme

>> On Jan 18, 2011, at 11:13 PM, Eran Hammer-Lahav wrote: >> >>> OAuth is an authorization protocol not an authentication protocol. With the >> exception of the client password credentials passed in the form-encoded >> body, the protocol is completely authentication agnostic for both client >> aut

Re: [OAUTH-WG] Removal: 'OAuth2' HTTP Authentication Scheme

> -Original Message- > From: Subbu Allamaraju [mailto:su...@subbu.org] > Sent: Tuesday, January 18, 2011 11:37 PM > To: Eran Hammer-Lahav > Cc: OAuth WG > Subject: Re: [OAUTH-WG] Removal: 'OAuth2' HTTP Authentication Scheme > > > On Jan 18, 2011,

Re: [OAUTH-WG] Removal: 'OAuth2' HTTP Authentication Scheme

On Jan 18, 2011, at 11:13 PM, Eran Hammer-Lahav wrote: > OAuth is an authorization protocol not an authentication protocol. With the > exception of the client password credentials passed in the form-encoded body, > the protocol is completely authentication agnostic for both client > authentica

Re: [OAUTH-WG] Removal: 'OAuth2' HTTP Authentication Scheme

Hi Subbu, > -Original Message- > From: Subbu Allamaraju [mailto:su...@subbu.org] > Sent: Tuesday, January 18, 2011 10:43 PM > To: Eran Hammer-Lahav > Cc: OAuth WG > Subject: Re: [OAUTH-WG] Removal: 'OAuth2' HTTP Authentication Scheme > > Could you clar

Re: [OAUTH-WG] Removal: 'OAuth2' HTTP Authentication Scheme

Could you clarify what the "confusing mess" part is? The cited reference [1] is not useful. It is good to adhere to the challenge-response model of 2617 for wider interoperability and discoverability (yes, WWW-Authenticate with a well-known scheme name helps discovery and lack thereof reduces p

Re: [OAUTH-WG] Removal: 'OAuth2' HTTP Authentication Scheme

etty clean using WWW-Authenticate. From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Eran Hammer-Lahav Sent: Friday, January 14, 2011 10:32 PM To: OAuth WG Subject: [OAUTH-WG] Removal: 'OAuth2' HTTP Authentication Scheme One of the main problems with OAuth in general has a

Re: [OAUTH-WG] Removal: 'OAuth2' HTTP Authentication Scheme

.@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Eran Hammer-Lahav Sent: Friday, January 14, 2011 10:32 PM To: OAuth WG Subject: [OAUTH-WG] Removal: 'OAuth2' HTTP Authentication Scheme One of the main problems with OAuth in general has always been the unsanitary mix

Re: [OAUTH-WG] Removal: 'OAuth2' HTTP Authentication Scheme

Hammer-Lahav Cc: OAuth WG Subject: Re: [OAUTH-WG] Removal: 'OAuth2' HTTP Authentication Scheme wouldn't that mean to drop section 6 completely? regards, Torsten. Am 15.01.2011 07:32, schrieb Eran Hammer-Lahav: One of the main problems with OAuth in general has always been the uns

Re: [OAUTH-WG] Removal: 'OAuth2' HTTP Authentication Scheme

wouldn't that mean to drop section 6 completely? regards, Torsten. Am 15.01.2011 07:32, schrieb Eran Hammer-Lahav: One of the main problems with OAuth in general has always been the unsanitary mix of authorization and authentication ("it's an authentication protocol... authorization protocol

[OAUTH-WG] Removal: 'OAuth2' HTTP Authentication Scheme

One of the main problems with OAuth in general has always been the unsanitary mix of authorization and authentication ("it's an authentication protocol... authorization protocol... authentication protocol" [1]). It has always been a confusing mess. The work on 2.0 has provided a valuable abstrac