Re: [OAUTH-WG] Confirmation: Call for Adoption of "Request by JWS ver.1.0 for OAuth 2.0" as an OAuth Working Group Item

[George Fletcher]

Yes for me as well

On 7/28/14, 1:33 PM, Hannes Tschofenig wrote:

Hi all,

during the IETF #90 OAuth WG meeting, there was strong consensus in
adopting the " Request by JWS ver.1.0 for OAuth 2.0"
(draft-sakimura-oauth-requrl-05.txt) specification as an OAuth WG work
item.

We would now like to verify the outcome of this call for adoption on the
OAuth WG mailing list. Here is the link to the document:
http://datatracker.ietf.org/doc/draft-sakimura-oauth-requrl/

If you did not hum at the IETF 90 OAuth WG meeting, and have an opinion
as to the suitability of adopting this document as a WG work item,
please send mail to the OAuth WG list indicating your opinion (Yes/No).

The confirmation call for adoption will last until August 10, 2014.  If
you have issues/edits/comments on the document, please send these
comments along to the list in your response to this Call for Adoption.

Ciao
Hannes & Derek



___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


--
George Fletcher 
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Confirmation: Call for Adoption of "Request by JWS ver.1.0 for OAuth 2.0" as an OAuth Working Group Item

[hdknr hidelafoglia]

Yes


2014-07-29 2:33 GMT+09:00 Hannes Tschofenig :

> Hi all,
>
> during the IETF #90 OAuth WG meeting, there was strong consensus in
> adopting the " Request by JWS ver.1.0 for OAuth 2.0"
> (draft-sakimura-oauth-requrl-05.txt) specification as an OAuth WG work
> item.
>
> We would now like to verify the outcome of this call for adoption on the
> OAuth WG mailing list. Here is the link to the document:
> http://datatracker.ietf.org/doc/draft-sakimura-oauth-requrl/
>
> If you did not hum at the IETF 90 OAuth WG meeting, and have an opinion
> as to the suitability of adopting this document as a WG work item,
> please send mail to the OAuth WG list indicating your opinion (Yes/No).
>
> The confirmation call for adoption will last until August 10, 2014.  If
> you have issues/edits/comments on the document, please send these
> comments along to the list in your response to this Call for Adoption.
>
> Ciao
> Hannes & Derek
>
>
> ___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Confirmation: Call for Adoption of "Request by JWS ver.1.0 for OAuth 2.0" as an OAuth Working Group Item

[Brian Campbell]

Yes (sorry I'm a little late with this one)


On Mon, Jul 28, 2014 at 11:33 AM, Hannes Tschofenig <
hannes.tschofe...@gmx.net> wrote:

> Hi all,
>
> during the IETF #90 OAuth WG meeting, there was strong consensus in
> adopting the " Request by JWS ver.1.0 for OAuth 2.0"
> (draft-sakimura-oauth-requrl-05.txt) specification as an OAuth WG work
> item.
>
> We would now like to verify the outcome of this call for adoption on the
> OAuth WG mailing list. Here is the link to the document:
> http://datatracker.ietf.org/doc/draft-sakimura-oauth-requrl/
>
> If you did not hum at the IETF 90 OAuth WG meeting, and have an opinion
> as to the suitability of adopting this document as a WG work item,
> please send mail to the OAuth WG list indicating your opinion (Yes/No).
>
> The confirmation call for adoption will last until August 10, 2014.  If
> you have issues/edits/comments on the document, please send these
> comments along to the list in your response to this Call for Adoption.
>
> Ciao
> Hannes & Derek
>
>
> ___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth 2.0 Token Exchange" as an OAuth Working Group Item

[Anthony Nadalin]

I read the draft and just don’t get it, it overloads some of the basic 
semantics, I’m not quite sure you get the concept of token exchange, has what 
you described been deployed ? or even built ?

From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Brian Campbell
Sent: Monday, August 11, 2014 7:42 AM
To: Mike Jones
Cc: oauth-cha...@tools.ietf.org; oauth@ietf.org
Subject: Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth 2.0 Token 
Exchange" as an OAuth Working Group Item

I'd be okay with that as a way forward. Frankly, of course, I'd prefer to see 
draft-campbell-oauth-sts as the starting point with Mike and the other 
draft-jones-oauth-token-exchange authors added as co-authors. Regardless, there 
are elements from both that likely need to end up in the final work so a 
consolidation of authors and concepts makes sense.
And yes, there are lots of details that the working group will need to decide 
on going forward that we shouldn't get hung up on right now. Though I believe 
that deciding if the token endpoint is used for general token exchange is an 
important philosophical question that should be answered first. If the token 
endpoint is to be used, I strongly belie that this token exchange should 
leverage and work within the constructs provided and defined by OAuth. That's 
the direction I took with draft-campbell-oauth-sts and yes that involves 
overloading the access_token response parameter with something that's not 
always strictly an access token. The existing token endpoint request/response 
are already rather close to what one might expect in an STS type exchange. I 
find there's a nice elegant simplicity to it but I also see where that 
discomfort might come from. If there's consensus to not use/overload the 
existing stuff, I think it'd be much more appropriate to define a new endpoint. 
A lot of syntactic stuff likely falls out from that decision.
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth 2.0 Token Exchange" as an OAuth Working Group Item

[Hannes Tschofenig]

Hi Brian,

we should definitely take your work into account and I recall some other
drafts on the same subject being published some time ago as well.

Adding more co-authors to this working group item makes a lot of sense
to me.

Ciao
Hannes


On 08/11/2014 04:42 PM, Brian Campbell wrote:
> I'd be okay with that as a way forward. Frankly, of course, I'd prefer
> to see draft-campbell-oauth-sts as the starting point with Mike and the
> other draft-jones-oauth-token-exchange authors added as co-authors.
> Regardless, there are elements from both that likely need to end up in
> the final work so a consolidation of authors and concepts makes sense.
> 
> And yes, there are lots of details that the working group will need to
> decide on going forward that we shouldn't get hung up on right now.
> Though I believe that deciding if the token endpoint is used for general
> token exchange is an important philosophical question that should be
> answered first. If the token endpoint is to be used, I strongly belie
> that this token exchange should leverage and work within the constructs
> provided and defined by OAuth. That's the direction I took with
> draft-campbell-oauth-sts and yes that involves overloading the
> access_token response parameter with something that's not always
> strictly an access token. The existing token endpoint request/response
> are already rather close to what one might expect in an STS type
> exchange. I find there's a nice elegant simplicity to it but I also see
> where that discomfort might come from. If there's consensus to not
> use/overload the existing stuff, I think it'd be much more appropriate
> to define a new endpoint. A lot of syntactic stuff likely falls out from
> that decision.



signature.asc
Description: OpenPGP digital signature
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth 2.0 Token Exchange" as an OAuth Working Group Item

[Brian Campbell]

I'd be okay with that as a way forward. Frankly, of course, I'd prefer to
see draft-campbell-oauth-sts as the starting point with Mike and the other
draft-jones-oauth-token-exchange authors added as co-authors. Regardless,
there are elements from both that likely need to end up in the final work
so a consolidation of authors and concepts makes sense.

And yes, there are lots of details that the working group will need to
decide on going forward that we shouldn't get hung up on right now. Though
I believe that deciding if the token endpoint is used for general token
exchange is an important philosophical question that should be answered
first. If the token endpoint is to be used, I strongly belie that this
token exchange should leverage and work within the constructs provided and
defined by OAuth. That's the direction I took with draft-campbell-oauth-sts
and yes that involves overloading the access_token response parameter with
something that's not always strictly an access token. The existing token
endpoint request/response are already rather close to what one might expect
in an STS type exchange. I find there's a nice elegant simplicity to it but
I also see where that discomfort might come from. If there's consensus to
not use/overload the existing stuff, I think it'd be much more appropriate
to define a new endpoint. A lot of syntactic stuff likely falls out from
that decision.
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth