Call me asap to discuss what this means. 512-770-3800 Jerry Louis Leyendecker, Living Soul
On Tue, Jan 26, 2021, 2:02 PM <oauth-requ...@ietf.org> wrote:

> Send OAuth mailing list submissions to
>     oauth@ietf.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>     https://www.ietf.org/mailman/listinfo/oauth
> or, via email, send a message with subject or body 'help' to
>     oauth-requ...@ietf.org
>
> You can reach the person managing the list at
>     oauth-ow...@ietf.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of OAuth digest..."
>
>
> Today's Topics:
>
>    1. Re: November Interim meeting on WebID/IsLoggedIn followup
>       (Sam Goto)
>    2. Last Call: <draft-ietf-oauth-access-token-jwt-11.txt> (JSON
>       Web Token (JWT) Profile for OAuth 2.0 Access Tokens) to Proposed
>       Standard (The IESG)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 25 Jan 2021 15:09:33 -0800
> From: Sam Goto <g...@google.com>
> To: Vittorio Bertocci <vittorio.bertocci=40auth0....@dmarc.ietf.org>
> Cc: "oauth@ietf.org" <oauth@ietf.org>
> Subject: Re: [OAUTH-WG] November Interim meeting on WebID/IsLoggedIn
>     followup
> Message-ID:
>     <CAMtUnc6hOz74NQwAuPbMYBaq-gSr48h0iGPs8oAVcDggQ9E=u...@mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> On Fri, Jan 22, 2021 at 11:30 AM Vittorio Bertocci
> <vittorio.bertocci=40auth0....@dmarc.ietf.org> wrote:
>
> > Dear all,
> >
> > This is a followup on the actions we agreed upon during the November
> > interim meeting in November (notes in
> > https://datatracker.ietf.org/meeting/interim-2020-oauth-12/materials/minutes-interim-2020-oauth-12-202011021200-00
> > ).
> > Apologies for the delay.
> >
> > The TL;DR is that we decided it might be useful to put together a document
> > that describes the identity scenarios relying on current browser features
> > and that we'd like to preserve.
> >
> > Such document should help grounding discussions with browser vendors by
> > making it easy to pinpoint how specific changes might impair functionality
> > in important scenarios, and what functionality we are trying to preserve
> > (in case the new browser feature can offer alternate path to the same
> > outcomes).
> >
> > Tackling on all the possible scenarios is too big a task for George and
> > myself alone, hence we devised a proposed mechanism to generate and
> > maintain that list collaboratively.
> >
> > You can find a framing proposal in
> > https://datatracker.ietf.org/doc/html/draft-bertocci-identity-in-browser-00
> > , and the github repo workspace https://github.com/IDBrowserUseCases/docs.
> > Thanks to Daniel and Torsten for their help on figuring out how to use
> > mmark to write internet drafts.
> >
> > We do have a list of candidate scenarios, but before going too deep in it
> > we wanted to give the group the chance to take a look at the model and get
> > your feedback before we charge down that path. This is a pretty unusual
> > collaboration model and getting it to work might be tricky.
> >
> > Please let us know what you think!
> >
>
> Thanks Vittorio for kicking this off and I just wanted to stop by and say
> that this seems like a wonderful starting point. I read your introduction
> (which I think has done a great job in capturing the intent), your
> template, and your initial test use case and I think this is a great
> starting point.
>
> More specifically:
>
>    - I really like how you are positioning this effort.
>    - I really like the section on scoping
>      <https://datatracker.ietf.org/doc/html/draft-bertocci-identity-in-browser-00#section-1.1>,
>      primarily on what not to cover: any scenario not currently in mainstream. I
>      know this is an over categorization, and I don't believe this was your
>      intent, but just for clarification, we would welcome scenarios under
>      "consumers", "EDU" in addition to "enterprises" (I get the irony of the
>      section above "classifying most other cases as enterprise use cases hence
>      solvable by exceptions and local business policies" -- point taken).
>    - The template
>      <https://datatracker.ietf.org/doc/html/draft-bertocci-identity-in-browser-00#section-4>
>      LGTM. There is a chance it will evolve as we write more and we read more,
>      but this is a good starting point. Here are a few ways that I think this
>      could evolve:
>       - perhaps a section with "Possible
>         technologies/announcements/APIs/features that may pose a risk to this
>         scenario" would be constructive to indicate "X (use case) breaks with Y
>         (browser API)".
>       - I have a sense that we would want to extend/break down "Privacy
>         Considerations". One way to make this more concrete, is possibly to
>         cross-reference one of the privacy threat models (e.g. ours is here:
>         Privacy Threat Model
>         <https://github.com/WICG/WebID/blob/master/privacy_threat_model.md>) so
>         that we can collect something like "X (use case) conflicts with Y (privacy
>         threat)". Cross-referencing the threat model will also be useful in giving
>         you a sense of the threats we are set to address too.
>
> I'll be watching the repository and looking forward to hearing from you,
>
> Thanks again,
>
> Sam
>
> >
> > Cheers
> >
> > G&V
> >
> > _______________________________________________
> > OAuth mailing list
> > OAuth@ietf.org
> > https://www.ietf.org/mailman/listinfo/oauth
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <https://mailarchive.ietf.org/arch/browse/oauth/attachments/20210125/f7ca7c74/attachment.htm>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 26 Jan 2021 07:20:20 -0800
> From: The IESG <iesg-secret...@ietf.org>
> To: "IETF-Announce" <ietf-annou...@ietf.org>
> Cc: Hannes Tschofenig <hannes.tschofe...@arm.com>,
>     draft-ietf-oauth-access-token-...@ietf.org,
>     hannes.tschofe...@arm.com,
>     oauth-cha...@ietf.org, oauth@ietf.org, r...@cert.org
> Subject: [OAUTH-WG] Last Call:
>     <draft-ietf-oauth-access-token-jwt-11.txt> (JSON Web Token (JWT)
>     Profile for OAuth 2.0 Access Tokens) to Proposed Standard
> Message-ID: <161167442045.17170.14968771117405387...@ietfa.amsl.com>
> Content-Type: text/plain; charset="utf-8"
>
>
> The IESG has received a request from the Web Authorization Protocol WG
> (oauth) to consider the following document: - 'JSON Web Token (JWT) Profile
> for OAuth 2.0 Access Tokens'
>   <draft-ietf-oauth-access-token-jwt-11.txt> as Proposed Standard
>
> The IESG plans to make a decision in the next few weeks, and solicits final
> comments on this action. Please send substantive comments to the
> last-c...@ietf.org mailing lists by 2021-02-09. Exceptionally, comments may
> be sent to i...@ietf.org instead. In either case, please retain the beginning
> of the Subject line to allow automated sorting.
>
> Abstract
>
>
>    This specification defines a profile for issuing OAuth 2.0 access
>    tokens in JSON web token (JWT) format.  Authorization servers and
>    resource servers from different vendors can leverage this profile to
>    issue and consume access tokens in interoperable manner.
>
>
> The file can be obtained via
> https://datatracker.ietf.org/doc/draft-ietf-oauth-access-token-jwt/
>
>
> No IPR declarations have been submitted directly on this I-D.
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>
> ------------------------------
>
> End of OAuth Digest, Vol 147, Issue 13
> **************************************
>