BEGIN:VCALENDAR PRODID:-//Research In Motion//RIM App//EN VERSION:2.0 CALSCALE:GREGORIAN METHOD:REQUEST BEGIN:VTIMEZONE TZID:Asia/Jakarta BEGIN:STANDARD DTSTART:20000101T000000 TZNAME:WIB TZOFFSETFROM:+0700 TZOFFSETTO:+0700 END:STANDARD END:VTIMEZONE BEGIN:VEVENT ATTENDEE;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE:mailto:oauth-requ e...@ietf.org ATTENDEE;ROLE=REQ-PARTICIPANT;PARTSTAT=NEEDS-ACTION;RSVP=TRUE:mailto:oauth@ietf .org CREATED:20140803T091444Z DESCRIPTION:Send OAuth mailing list submissions to\n oauth@ietf.org\n\nT o subscribe or unsubscribe via the World Wide Web\, visit\n https://www. ietf.org/mailman/listinfo/oauth\nor\, via email\, send a message with subject o r body 'help' to\n oauth-requ...@ietf.org\n\nYou can reach the person ma naging the list at\n oauth-ow...@ietf.org\n\nWhen replying\, please edit your Subject line so it is more specific\nthan "Re: Contents of OAuth digest.. ."\n\n\nToday's Topics:\n\n 1. Bls: OAuth Digest\, Vol 69\, Issue 134 (Panca Agus Ananda)\n 2. Check out Search for Ebay for BlackBerry (Panca Agus Ananda )\n 3. (no subject) (Panca Agus Ananda)\n\n\n-------------------------------- --------------------------------------\n\nMessage: 1\nDate: Sun\, 3 Aug 2014 09 :39:20 +0700\nFrom: Panca Agus Ananda <panc...@outlook.com>\nTo: <oa...@ietf.or g>\nSubject: [OAUTH-WG] Bls: OAuth Digest\, Vol 69\, Issue 134\nMessage-ID: <BL u406-eas25e4f6a9d6d0787fc3da63a6...@phx.gbl>\nContent-Type: text/plain\; charse t="utf-8"\n\n\n\nDikirim dari ponsel cerdas BlackBerry 10 saya dengan jaringan Telkomsel.\nDari: oauth-requ...@ietf.org\nTerkirim: Rabu\, 30 Juli 2014 03.42\n Ke: oauth@ietf.org\nBalas Ke: oauth@ietf.org\nPerihal: OAuth Digest\, Vol 69\, Issue 134\n\n\nSend OAuth mailing list submissions to\n oauth@ietf.org\n \nTo subscribe or unsubscribe via the World Wide Web\, visit\n https://w ww.ietf.org/mailman/listinfo/oauth\nor\, via email\, send a message with subjec t or body 'help' to\n oauth-requ...@ietf.org\n\nYou can reach the person managing the list at\n oauth-ow...@ietf.org\n\nWhen replying\, please e dit your Subject line so it is more specific\nthan "Re: Contents of OAuth diges t..."\n\n\nToday's Topics:\n\n 1. Re: Confirmation: Call for Adoption of "OAu th Token\n Introspection" as an OAuth Working Group Item (Phil Hunt)\n\n\n ----------------------------------------------------------------------\n\nMessa ge: 1\nDate: Tue\, 29 Jul 2014 13:41:16 -0700\nFrom: Phil Hunt <phil.hunt@oracl e.com>\nTo: Justin Richer <jric...@mitre.org>\nCc: "oauth@ietf.org" <oauth@ietf .org>\nSubject: Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth\ n Token Introspection" as an OAuth Working Group Item\nMessage-ID: <620A f4ca-b7f7-487e-a833-3483d2b41...@oracle.com>\nContent-Type: text/plain\; charse t="utf-8"\n\nMaking everything optional achieves no benefits\, you just end up with a complex set of options and no inter op.\n\nWe had the same issue with dy n reg.\n\nI prefer to first get agreement on use case.\n\nWhat are the question s a caller can ask and what form of responses are available.\n\nShould this be limited to authz info or is this a back door for user data and wbfinger data?\n \nI would prefer to have agreement on use cases before picking a solution right now.\n\nPhil\n\n> On Jul 29\, 2014\, at 11:13\, Justin Richer <jricher@mitre.o rg> wrote:\n>\n> Agreed on this point -- which is why the only MTI bit in the i ndividual draft is "active"\, which is whether or not the token was any good to begin with. There are a set of claims with defined semantics but all are optio nal\, and the list is extensible. I think in practice we'll see people settle o n a set of common ones.\n>\n> -- Justin\n>\n>> On 07/29/2014 02:11 PM\, Bill M ills wrote:\n>> This is exactly the same problem space as webfinger\, you want to know something about a user and there's a useful set of information you migh t reasonably query\, but in the end the server may have it's own schema of data it returns. There won't be a single schema that fits all use cases\, Any give n RS/AS ecosystem may decide they have custom stuff and omit other stuff. I th ink the more rigid the MTI schema gets the harder the battle in this case.\n>>\ n>>\n>> On Tuesday\, July 29\, 2014 2:56 AM\, Paul Madsen <paul.mad...@gmail.co m> wrote:\n>>\n>>\n>> Standardized Introspection will be valuable in NAPPS\, wh ere the AS and RS may be in different policy domains.\n>>\n>> Even for single p olicy domains\, there are enterprise scenarios where the RS is from a different vendor than the AS\, such as when an API gateway validates tokens issued by an 'IdP' . We've necessarily defined our own introspection endpoint and our gatew ay partners have implemented it\, (at the instruction of the customer in questi on). But of course it's proprietary to us.\n>>\n>> Paul\n>>\n>> On Jul 28\, 201 4\, at 8:59 PM\, Phil Hunt <phil.h...@oracle.com> wrote:\n>>\n>>> That doesn?t explain the need for inter-operability. What you?ve described is what will be c ommon practice.\n>>>\n>>> It?s a great open source technique\, but that?s not a standard.\n>>>\n>>> JWT is much different. JWT is a foundational specification that describes the construction and parsing of JSON based tokens. There is int er-op with token formats that build on top and there is inter-op between every communicating party.\n>>>\n>>> In OAuth\, a site may never implement token intr ospection nor may it do it the way you describe. Why would that be a problem? Why should the group spend time on something where there may be no inter-op ne ed.\n>>>\n>>> Now that said\, if you are in the UMA community. Inter-op is qui te foundational. It is very very important. But then maybe the spec should be defined within UMA?\n>>>\n>>> Phil\n>>>\n>>> @independentid\n>>> www.independen tid.com\n>>> phil.h...@oracle.com\n>>>\n>>>\n>>>\n>>>> On Jul 28\, 2014\, at 5: 39 PM\, Justin Richer <jric...@mit.edu> wrote:\ n>>>>\n>>>> It's analogous to JWT in many ways: when you've got the AS and the RS separated somehow (different box\, different domain\, even different softwar e vendor) and you need to communicate a set of information about the approval d elegation from the AS (who has the context to know about it) through to the RS (who needs to know about it to make the authorization call). JWT gives us an in teroperable way to do this by passing values inside the token itself\, introspe ction gives a way to pass the values by reference via the token as an artifact. The two are complementary\, and there are even cases where you'd want to deplo y them together.\n>>>>\n>>>> -- Justin\n>>>>\n>>>>> On 7/28/2014 8:11 PM\, Phi l Hunt wrote:\n>>>>> Could we have some discussion on the interop cases?\n>>>>> \n>>>>> Is it driven by scenarios where AS and resource are separate domains? O r may this be only of interest to specific protocols like UMA?\n>>>>>\n>>>>> Fr om a technique principle\, the draft is important and sound. I am just not ther e yet on the reasons for an interoperable standard.\n>>>>>\n>>>>> Phil\n>>>>>\n >>>>> On Jul 28\, 2014\, at 17:00\, Thomas Broyer <t.bro...@gmail.com> wrote:\n >>>>>\n>>>>>> Yes. This spec is of special interest to the platform we're build ing for http://www.oasis-eu.org/\n>>>>>>\n>>>>>>\n>>>>>> On Mon\, Jul 28\, 2014 at 7:33 PM\, Hannes Tschofenig <hannes.tschofe...@gmx.net> wrote:\n>>>>>> Hi a ll\,\n>>>>>>\n>>>>>> during the IETF #90 OAuth WG meeting\, there was strong co nsensus in\n>>>>>> adopting the "OAuth Token Introspection"\n>>>>>> (draft-rich er-oauth-introspection-06.txt) specification as an OAuth WG\n>>>>>> work item.\ n>>>>>>\n>>>>>> We would now like to verify the outcome of this call for adopti on on the\n>>>>>> OAuth WG mailing list. Here is the link to the document:\n>>> >>> http://datatracker.ietf.org/doc/draft-richer-oauth-introspection/\n>>>>>>\n >>>>>> If you did not hum at the IETF 90 OAuth WG meeting\ , and have an opinion\n>>>>>> as to the suitability of adopting this document as a WG work item\,\n>>>>>> please send mail to the OAuth WG list indicating your opinion (Yes/No).\n>>>>>>\n>>>> >> The confirmation call for adoption will last until August 10\, 2014. If\n>> >>>> you have issues/edits/comments on the document\, please send these\n>>>>>> comments along to the list in your response to this Call for Adoption.\n>>>>>> \n>>>>>> Ciao\n>>>>>> Hannes & Derek\n>>>>>>\n>>>>>>\n>>>>>> __________________ _____________________________\n>>>>>> OAuth mailing list\n>>>>>> OAuth@ietf.org \n>>>>>> https://www.ietf.org/mailman/listinfo/oauth\n>>>>>>\n>>>>>>\n>>>>>>\n> >>>>>\n>>>>>> --\n>>>>>> Thomas Broyer\n>>>>>> /t?.ma.b?wa.je/\n>>>>>> ________ _______________________________________\n>>>>>> OAuth mailing list\n>>>>>> OAut h...@ietf.org\n>>>>>> https://www.ietf.org/mailman/listinfo/oauth\n>>>>>\n>>>>>\n> >>>> _______________________________________________\n>>>>> OAuth mailing list\ n>>>>> OAuth@ietf.org\n>>>>> https://www.ietf.org/mailman/listinfo/oauth\n>>>>\ n>>>> _______________________________________________\n>>>> OAuth mailing list\ n>>>> OAuth@ietf.org\n>>>> https://www.ietf.org/mailman/listinfo/oauth\n>>> ___ ____________________________________________\n>>> OAuth mailing list\n>>> OAuth @ietf.org\n>>> https://www.ietf.org/mailman/listinfo/oauth\n>>\n>> ____________ ___________________________________\n>> OAuth mailing list\n>> OAuth@ietf.org\n >> https://www.ietf.org/mailman/listinfo/oauth\n>>\n>>\n>>\n>>\n>> ____________ ___________________________________\n>> OAuth mailing list\n>> OAuth@ietf.org\n >> https://www.ietf.org/mailman/listinfo/oauth\n>\n-------------- next part --- -----------\nAn HTML attachment was scrubbed...\nURL: <http://www.ietf.org/mail -archive/web/oauth/attachments/20140729/a437e374/attachment.html>\n\n---------- --------------------\n\nSubject: Digest Footer\n\n_____________________________ __________________\nOAuth mailing list\noa...@ietf.org\nhttps://www.ietf.org/ma ilman/listinfo/oauth\n\n\n------------------------------\n\nEnd of OAuth Digest \, Vol 69\, Issue 134\n**************************************\n-------------- n ext part --------------\nAn HTML attachment was scrubbed...\nURL: <http://www.i etf.org/mail-archive/web/oauth/attachments/20140803/c6ce578f/attachment.html>\n \n------------------------------\n\nMessage: 2\nDate: Sun\, 3 Aug 2014 13:33:56 +0700\nFrom: Panca Agus Ananda <panc...@outlook.com>\nTo: oauth-request@ietf.o rg\, oauth@ietf.org\nSubject: [OAUTH-WG] Check out Search for Ebay for BlackBer ry\nMessage-ID: <blu406-eas19b8940435c09725eb3020a6...@phx.gbl>\nContent-Type: text/plain\; charset="us-ascii"\n\nAn HTML attachment was scrubbed...\nURL: <ht tp://www.ietf.org/mail-archive/web/oauth/attachments/20140803/b9829b72/attachme nt.html>\n\n------------------------------\n\nMessage: 3\nDate: Sun\, 3 Aug 201 4 16:12:09 +0700\nFrom: Panca Agus Ananda <panc...@outlook.com>\nTo: OAuth@ietf .org\nSubject: [OAUTH-WG] (no subject)\nMessage-ID: <BLU406-EAS24761A8E1E8BA396 8366f52a6...@phx.gbl>\nContent-Type: text/plain\; charset="us-ascii"\n\nAn HTML attachment was scrubbed...\nURL: <http://www.ietf.org/mail-archive/web/oauth/a ttachments/20140803/d01ce031/attachment.html>\n\n------------------------------ \n\nSubject: Digest Footer\n\n_______________________________________________\n OAuth mailing list\noa...@ietf.org\nhttps://www.ietf.org/mailman/listinfo/oauth \n\n\n------------------------------\n\nEnd of OAuth Digest\, Vol 70\, Issue 1\ n************************************ DTEND;TZID=Asia/Jakarta:20140804T100000 DTSTAMP:20140803T091444Z DTSTART;TZID=Asia/Jakarta:20140804T090000 ORGANIZER:mailto:panc...@outlook.com SEQUENCE:0 STATUS:CONFIRMED SUMMARY:OAuth Digest\, Vol 70\, Issue 1 TRANSP:OPAQUE UID:9b57ff64-1aee-11e4-ac33-bde6800c178d BEGIN:VALARM ACTION:DISPLAY DESCRIPTION:OAuth Digest, Vol 70, Issue 1 in 15 minutes. TRIGGER;RELATED=START:-PT15M END:VALARM END:VEVENT END:VCALENDAR
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth