Re: [OAUTH-WG] Extensibility: new endpoints

2010-08-05 Thread Eran Hammer-Lahav
u do a terrible good job as an > editor. I just offered my opinion of why this WG is not as focused as you > would expect it. > > regards, > Torsten. > > >> EHL >> >>> -Original Message- >>> From: Torsten Lodderstedt [mailt

Re: [OAUTH-WG] Extensibility: new endpoints

2010-08-05 Thread Torsten Lodderstedt
Brian, I would like to start from your security considerations document. Do you have a documented threat model (attackers, attacks, propabilities) motivating the choosen counter-measures? regards, Torsten. Am 05.08.2010 um 02:09 schrieb Brian Eaton : > On Wed, Aug 4, 2010 at 10:04 AM, Torsten

Re: [OAUTH-WG] Extensibility: new endpoints

2010-08-05 Thread Torsten Lodderstedt
[mailto:tors...@lodderstedt.net] >> Sent: Wednesday, August 04, 2010 10:05 AM >> To: Eran Hammer-Lahav >> Cc: OAuth WG (oauth@ietf.org); Brian Eaton >> Subject: Re: [OAUTH-WG] Extensibility: new endpoints >> >>> >>>> ideas. I still hope to get the di

Re: [OAUTH-WG] Extensibility: new endpoints

2010-08-04 Thread Brian Eaton
On Wed, Aug 4, 2010 at 10:04 AM, Torsten Lodderstedt wrote: >> So far no one has offered to work on the security consideration section >> (Brian's draft is too far from the format I need to incorporate). >> > > I could work on this topic, if Brian does not insist to do so. > @Brian: What do you th

Re: [OAUTH-WG] Extensibility: new endpoints

2010-08-04 Thread Eran Hammer-Lahav
August 04, 2010 10:05 AM > To: Eran Hammer-Lahav > Cc: OAuth WG (oauth@ietf.org); Brian Eaton > Subject: Re: [OAUTH-WG] Extensibility: new endpoints > > > > >> ideas. I still hope to get the discovery spec finished in the same > >> timeframe, but have no plans t

Re: [OAUTH-WG] Extensibility: new endpoints

2010-08-04 Thread Torsten Lodderstedt
onday, August 02, 2010 1:20 PM To: Eran Hammer-Lahav Cc: OAuth WG (oauth@ietf.org) Subject: Re: [OAUTH-WG] Extensibility: new endpoints What consensus do you refer to? The WG charter? regards, Torsten. Am 02.08.2010 22:18, schrieb Eran Hammer-Lahav: No according to WG consensus. We took it all o

Re: [OAUTH-WG] Extensibility: new endpoints

2010-08-03 Thread Eran Hammer-Lahav
> -Original Message- > From: Torsten Lodderstedt [mailto:tors...@lodderstedt.net] > Sent: Tuesday, August 03, 2010 8:25 AM > To: Eran Hammer-Lahav > Cc: OAuth WG (oauth@ietf.org) > Subject: Re: [OAUTH-WG] Extensibility: new endpoints > > > > > The main p

Re: [OAUTH-WG] Extensibility: new endpoints

2010-08-03 Thread Torsten Lodderstedt
eneral discussions on the list and during the interim meeting. >> >> EHL >> >> >> -----Original Message- >> From: Torsten Lodderstedt [mailto:tors...@lodderstedt.net] >> Sent: Monday, August 02, 2010 1:20 PM >> To: Eran Hammer-Lahav >> Cc:

Re: [OAUTH-WG] Extensibility: new endpoints

2010-08-03 Thread Eran Hammer-Lahav
> -Original Message- > From: Torsten Lodderstedt [mailto:tors...@lodderstedt.net] > Sent: Tuesday, August 03, 2010 7:00 AM > To: Eran Hammer-Lahav > Cc: OAuth WG (oauth@ietf.org) > Subject: Re: [OAUTH-WG] Extensibility: new endpoints > > I'm fine with spe

Re: [OAUTH-WG] Extensibility: new endpoints

2010-08-03 Thread Torsten Lodderstedt
0 PM >> To: Eran Hammer-Lahav >> Cc: OAuth WG (oauth@ietf.org) >> Subject: Re: [OAUTH-WG] Extensibility: new endpoints >> >> What consensus do you refer to? The WG charter? >> >> regards, >> Torsten. >> >> Am 02.08.2010 22:18, schrieb

Re: [OAUTH-WG] Extensibility: new endpoints

2010-08-02 Thread David Recordon
dt.net] > > Sent: Monday, August 02, 2010 1:20 PM > > To: Eran Hammer-Lahav > > Cc: OAuth WG (oauth@ietf.org) > > Subject: Re: [OAUTH-WG] Extensibility: new endpoints > > > > What consensus do you refer to? The WG charter? > > > > regards, > > Torst

Re: [OAUTH-WG] Extensibility: new endpoints

2010-08-02 Thread Eran Hammer-Lahav
so while it may be a WG item, it is not part of > the > core spes. > > > > EHL > > > > > >> -Original Message- > >> From: Torsten Lodderstedt [mailto:tors...@lodderstedt.net] > >> Sent: Monday, August 02, 2010 1:07 PM > >>

Re: [OAUTH-WG] Extensibility: new endpoints

2010-08-02 Thread Torsten Lodderstedt
-Original Message- From: Torsten Lodderstedt [mailto:tors...@lodderstedt.net] Sent: Monday, August 02, 2010 1:07 PM To: Eran Hammer-Lahav Cc: OAuth WG (oauth@ietf.org) Subject: Re: [OAUTH-WG] Extensibility: new endpoints and discovery does not belong into the core? regards, Torsten. Am

Re: [OAUTH-WG] Extensibility: new endpoints

2010-08-02 Thread Eran Hammer-Lahav
2010 1:07 PM > To: Eran Hammer-Lahav > Cc: OAuth WG (oauth@ietf.org) > Subject: Re: [OAUTH-WG] Extensibility: new endpoints > > and discovery does not belong into the core? > > regards, > Torsten. > > Am 02.08.2010 22:05, schrieb Eran Hammer-Lahav: > > This

Re: [OAUTH-WG] Extensibility: new endpoints

2010-08-02 Thread Torsten Lodderstedt
-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Torsten Lodderstedt Sent: Monday, August 02, 2010 12:54 PM To: OAuth WG (oauth@ietf.org) Subject: [OAUTH-WG] Extensibility: new endpoints the existing authorization server endpoints (end-user authorization and tokens endpoint) have a relat

Re: [OAUTH-WG] Extensibility: new endpoints

2010-08-02 Thread Eran Hammer-Lahav
st 02, 2010 12:54 PM > To: OAuth WG (oauth@ietf.org) > Subject: [OAUTH-WG] Extensibility: new endpoints > > the existing authorization server endpoints (end-user authorization and > tokens endpoint) have a relatively clearly semantics and scope. Adding > distinct new functions to

[OAUTH-WG] Extensibility: new endpoints

2010-08-02 Thread Torsten Lodderstedt
the existing authorization server endpoints (end-user authorization and tokens endpoint) have a relatively clearly semantics and scope. Adding distinct new functions to an authorization server will (in my opionion) require the definition of new endpoints. For example, I'm working on an I-D for