-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Some news from IETF 75...
- -------- Original Message -------- Subject: [OAUTH-WG] Breakfast BoF minutes Date: Wed, 29 Jul 2009 08:50:02 +0200 From: Peter Saint-Andre <stpe...@stpeter.im> To: oa...@ietf.org <oa...@ietf.org> We just finished an OAuth breakfast Bof at IETF 75. Here are the topics we discussed, in no particular order. Various folks at the meeting volunteered to start separate threads about some of these. 1. OAuth for delegation. Currently the spec addresses only single-layer delegation ("three-legged") and is silent about multi-layer delegation. If we don't define this in a standard way, different people will find different, non-standard ways to do it. We need to gather use cases and work on specifying it. 2. Non-WWW use cases. Let's gather these (shared calendaring, XMPP chatroom ownership, exchange of app-level blobs, etc.). 3. OAuth for authentication. In this case, OAuth could be used to replace DIGEST for authn. It's possible that SCRAM could be used as a signing method. The group also talked about defining various related SASL mechanisms (SAML, OpenID, OAuth). 4. Channel bindings. There are similarities here to HTTPS/DIGEST (Leif Johansson mentioned an expired I-D about this and volunteered to post to the list). 5. Attribute extensions. Could we use OAuth for transporting existing SAML formats? 6. Split off the header signing aspects of OAuth, or at least call that out more clearly in the spec? Someone at the BoF likened this to "DKIM for the Web". 7. The spec is not designed to be profiled and extended. Is this OK? 8. Do callbacks need to be forward-ported to the I-D? 9. Discussion redirects. Currently most folks still take their items to the googlegroups list. That's fine, but going forward we would like to use the WG list for topics related to the core specifications. If you were at the BoF and see errors in what I've reported, please post in reply. Thanks! Peter -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkpwD90ACgkQNL8k5A2w/vxD7wCgyweZFXLPvVrrIH61g3JpNUa1 VdUAnRG52UQleYkEFP9Q2FGRTrCRkN2j =+lAc -----END PGP SIGNATURE----- --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---