Re: [OAUTH-WG] Call for Adoption: Resource Indicators for OAuth 2.0

2016-04-18 Thread Nat Sakimura
all the > interactions that may occur. So much for the simple Oauth. > > > > *From:* Justin Richer [mailto:jric...@mit.edu] > *Sent:* Tuesday, April 12, 2016 5:46 AM > *To:* Torsten Lodderstadt > *Cc:* Anthony Nadalin ; < > oauth@ietf.org> > > > *Subject:*

Re: [OAUTH-WG] Call for Adoption: Resource Indicators for OAuth 2.0

2016-04-12 Thread Sergey Beryozkin
h@ietf.org>> mailto:oauth@ietf.org>> *Subject:*Re: [OAUTH-WG] Call for Adoption: Resource Indicators for OAuth 2.0 No, I'm not adding requirements for encryption. I was pointing out some of the ways that an access token might be different for di

Re: [OAUTH-WG] Call for Adoption: Resource Indicators for OAuth 2.0

2016-04-12 Thread Anthony Nadalin
Nadalin ; Subject: Re: [OAUTH-WG] Call for Adoption: Resource Indicators for OAuth 2.0 +1 to Torsten’s point. And a reminder to Tony that call for adoption is the *start* of the document editing process, not the end. We’re not saying this is a complete solution with everything thought out when we

Re: [OAUTH-WG] Call for Adoption: Resource Indicators for OAuth 2.0

2016-04-12 Thread Justin Richer
oes on shows how unstable and not fully thought out this draft is to >> go through WG adoption. >>   <> >> From: OAuth [mailto:oauth-boun...@ietf.org <mailto:oauth-boun...@ietf.org>] >> On Behalf Of Brian Campbell >> Sent: Monday, April 11, 2016 12:30 P

Re: [OAUTH-WG] Call for Adoption: Resource Indicators for OAuth 2.0

2016-04-11 Thread Torsten Lodderstedt
On 11.04.2016 at 22:35, Anthony Nadalin wrote: > > So it’s an incomplete solution then ? > > From: Brian Campbell [mailto:bcampb...@pingidentity.com] > Sent: Monday, April 11, 2016 1:34 PM > To: Anthony Nadalin > Cc: Nat Sakimura ; > Subject: Re: [OAUTH-WG] Call for Adopti

Re: [OAUTH-WG] Call for Adoption: Resource Indicators for OAuth 2.0

2016-04-11 Thread Anthony Nadalin
So it’s an incomplete solution then ? From: Brian Campbell [mailto:bcampb...@pingidentity.com] Sent: Monday, April 11, 2016 1:34 PM To: Anthony Nadalin Cc: Nat Sakimura ; Subject: Re: [OAUTH-WG] Call for Adoption: Resource Indicators for OAuth 2.0 No, I'm not adding requirement

Re: [OAUTH-WG] Call for Adoption: Resource Indicators for OAuth 2.0

2016-04-11 Thread Brian Campbell
ead goes on shows how unstable and not fully thought out this draft is > to go through WG adoption. > > > > *From:* OAuth [mailto:oauth-boun...@ietf.org] *On Behalf Of *Brian > Campbell > *Sent:* Monday, April 11, 2016 12:30 PM > *To:* Nat Sakimura > *Cc:* > *Subject:* R

Re: [OAUTH-WG] Call for Adoption: Resource Indicators for OAuth 2.0

2016-04-11 Thread Anthony Nadalin
Sakimura Cc: Subject: Re: [OAUTH-WG] Call for Adoption: Resource Indicators for OAuth 2.0 Sending a token type is not sufficient. There's more involved than the format. Many cases need to know if to encrypt and whom to encrypt to. What claims to put in the token (or reference by the token).

Re: [OAUTH-WG] Call for Adoption: Resource Indicators for OAuth 2.0

2016-04-11 Thread Brian Campbell
Sending a token type is not sufficient. There's more involved than the format. Many cases need to know if to encrypt and whom to encrypt to. What claims to put in the token (or reference by the token). What algorithms and keys to use for signing/encryption. The statement that the "Current proposa

Re: [OAUTH-WG] Call for Adoption: Resource Indicators for OAuth 2.0

2016-04-10 Thread Nat Sakimura
So, my understanding on the rationale/requirements for having this spec right now is: R1. Authz server wants to prevent the replay by the server that received it. R2. Authz server needs to mint the access token in a variety of formats depending on the resource server and to do that, you need to know

Re: [OAUTH-WG] Call for Adoption: Resource Indicators for OAuth 2.0

2016-04-08 Thread Hardt, Dick
+1 to Prateek's comments -- Dick > On Apr 7, 2016, at 8:24 PM, Prateek Mishra wrote: > > While this work addresses a gap in the existing OAuth specification set, I am > very concerned that this > incremental extension will lead to even more confusion around the areas of > “scope”, “audience”

Re: [OAUTH-WG] Call for Adoption: Resource Indicators for OAuth 2.0

2016-04-07 Thread Prateek Mishra
While this work addresses a gap in the existing OAuth specification set, I am very concerned that this incremental extension will lead to even more confusion around the areas of “scope”, “audience” and “resource server”. I think we should try to solve this problem via a framework that provides

Re: [OAUTH-WG] Call for Adoption: Resource Indicators for OAuth 2.0

2016-04-07 Thread Justin Richer
I support adoption of this document as a starting point for working group work. — Justin > On Apr 6, 2016, at 1:25 PM, Hannes Tschofenig > wrote: > > Hi all, > > this is the call for adoption of 'Resource Indicators for OAuth 2.0', see > http://datatracker.ietf.org/doc/draft-campbell-oauth-

Re: [OAUTH-WG] Call for Adoption: Resource Indicators for OAuth 2.0

2016-04-07 Thread Nat Sakimura
Campbell > *Sent:* Wednesday, April 6, 2016 12:52 PM > *To:* Phil Hunt (IDM) > *Cc:* oauth@ietf.org > *Subject:* Re: [OAUTH-WG] Call for Adoption: Resource Indicators for > OAuth 2.0 > > > > I support the adoption of this draft by the working group. > > I don'

Re: [OAUTH-WG] Call for Adoption: Resource Indicators for OAuth 2.0

2016-04-06 Thread John Bradley
I support adoption by the WG. > On Apr 6, 2016, at 2:25 PM, Hannes Tschofenig > wrote: > > Hi all, > > this is the call for adoption of 'Resource Indicators for OAuth 2.0', see > http://datatracker.ietf.org/doc/draft-campbell-oauth-resource-indicators/ > > Please let us know by April 20th wh

Re: [OAUTH-WG] Call for Adoption: Resource Indicators for OAuth 2.0

2016-04-06 Thread Brian Campbell
e both of these > together > > > > *From:* Brian Campbell [mailto:bcampb...@pingidentity.com] > *Sent:* Wednesday, April 6, 2016 1:13 PM > *To:* Anthony Nadalin > *Cc:* Phil Hunt (IDM) ; oauth@ietf.org > > *Subject:* Re: [OAUTH-WG] Call for Adoption: Resource Indi

Re: [OAUTH-WG] Call for Adoption: Resource Indicators for OAuth 2.0

2016-04-06 Thread Anthony Nadalin
: Wednesday, April 6, 2016 1:13 PM To: Anthony Nadalin Cc: Phil Hunt (IDM) ; oauth@ietf.org Subject: Re: [OAUTH-WG] Call for Adoption: Resource Indicators for OAuth 2.0 Multiple resources are there now. I have no idea what "interaction with Token Exchange" means. Can you please explain? On

Re: [OAUTH-WG] Call for Adoption: Resource Indicators for OAuth 2.0

2016-04-06 Thread Brian Campbell
this is adopted to see if this will actually solve > the problems > > > > *From:* OAuth [mailto:oauth-boun...@ietf.org] *On Behalf Of *Brian > Campbell > *Sent:* Wednesday, April 6, 2016 12:52 PM > *To:* Phil Hunt (IDM) > *Cc:* oauth@ietf.org > *Subject:* Re: [OAUTH-

Re: [OAUTH-WG] Call for Adoption: Resource Indicators for OAuth 2.0

2016-04-06 Thread Anthony Nadalin
) Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] Call for Adoption: Resource Indicators for OAuth 2.0 I support the adoption of this draft by the working group. I don't think an immediate WGLC was expected here. On Wed, Apr 6, 2016 at 4:06 PM, Phil Hunt (IDM) mailto:phil.h...@oracle.com>>

Re: [OAUTH-WG] Call for Adoption: Resource Indicators for OAuth 2.0

2016-04-06 Thread Brian Campbell
I support the adoption of this draft by the working group. I don't think an immediate WGLC was expected here. On Wed, Apr 6, 2016 at 4:06 PM, Phil Hunt (IDM) wrote: > With the process of immediate wglc I think we should review all documents > more thoroughly before adoption. > > As I said I sup

Re: [OAUTH-WG] Call for Adoption: Resource Indicators for OAuth 2.0

2016-04-06 Thread Phil Hunt (IDM)
With the process of immediate wglc I think we should review all documents more thoroughly before adoption. As I said I support the work. Phil > On Apr 6, 2016, at 16:02, Hannes Tschofenig wrote: > > Phil, > > we have discussed this concept already for years. In fact, it dates back > to the

Re: [OAUTH-WG] Call for Adoption: Resource Indicators for OAuth 2.0

2016-04-06 Thread Hannes Tschofenig
Phil, we have discussed this concept already for years. In fact, it dates back to the days of the OAuth base specification and the security consideration section even talks about it. We have had the content of this in the PoP key distribution draft and we are now moving it into a separate documen

Re: [OAUTH-WG] Call for Adoption: Resource Indicators for OAuth 2.0

2016-04-06 Thread Phil Hunt (IDM)
I would like to have more discussion before wg adoption. I support the work and am willing to help. Phil > On Apr 6, 2016, at 14:25, Hannes Tschofenig wrote: > > Hi all, > > this is the call for adoption of 'Resource Indicators for OAuth 2.0', see > http://datatracker.ietf.org/doc/draft-cam

[OAUTH-WG] Call for Adoption: Resource Indicators for OAuth 2.0

2016-04-06 Thread Hannes Tschofenig
Hi all, this is the call for adoption of 'Resource Indicators for OAuth 2.0', see http://datatracker.ietf.org/doc/draft-campbell-oauth-resource-indicators/ Please let us know by April 20th whether you accept / object to the adoption of this document as a starting point for work in the OAuth worki