Re: [OAUTH-WG] Fwd: New Version Notification for draft-hunt-oauth-v2-user-a4c-00.txt

2013-07-30 Thread Nat Sakimura
Inline: 2013/7/31 Prateek Mishra > Nat - > > your blog posting is helpful to those of us who are looking for a minimal > extension of OAuth with > an authenticator. Many implementors are seeking a modest extension of > OAuth, not an entire new protocol > stack. I believe that is the point of

Re: [OAUTH-WG] Fwd: New Version Notification for draft-hunt-oauth-v2-user-a4c-00.txt

2013-07-30 Thread Prateek Mishra
Nat - your blog posting is helpful to those of us who are looking for a minimal extension of OAuth with an authenticator. Many implementors are seeking a modest extension of OAuth, not an entire new protocol stack. I believe that is the point of Phil Hunt's proposal to the OAuth committee.

Re: [OAUTH-WG] Fwd: New Version Notification for draft-hunt-oauth-v2-user-a4c-00.txt

2013-07-30 Thread Nat Sakimura
I have written a short blog post titled "Write an OpenID Connect server in three simple steps ". Really, there is not much you need to on top of OAuth 2.0. It puzzles me why you need to create a draft with onl

Re: [OAUTH-WG] Fwd: New Version Notification for draft-hunt-oauth-v2-user-a4c-00.txt

2013-07-30 Thread John Bradley
Connect dosen't require a userinfo endpoint. It is required for interoperability if you are building an open IdP. For an enterprise type deployment discovery, registration, userifo are all optional. The server is required to pass the nonce which is equivalent to a request ID through to the

[OAUTH-WG] Fwd: New Version Notification for draft-hunt-oauth-v2-user-a4c-00.txt

2013-07-30 Thread Phil Hunt
Forgot reply all. Phil Begin forwarded message: > From: Phil Hunt > Date: 30 July, 2013 17:25:46 GMT+02:00 > To: "Richer, Justin P." > Subject: Re: [OAUTH-WG] New Version Notification for > draft-hunt-oauth-v2-user-a4c-00.txt > > The whole point is authn only. Many do not want or need the us

Re: [OAUTH-WG] Fwd: New Version Notification for draft-hunt-oauth-v2-user-a4c-00.txt

2013-07-30 Thread Anthony Nadalin
: oauth@ietf.org WG Subject: [OAUTH-WG] Fwd: New Version Notification for draft-hunt-oauth-v2-user-a4c-00.txt FYI. I have been noticing a substantial number of sites acting as OAuth Clients using OAuth to authenticate users. I know several of us have blogged on the issue over the past year so I

[OAUTH-WG] Fwd: New Version Notification for draft-hunt-oauth-v2-user-a4c-00.txt

2013-07-29 Thread Phil Hunt
FYI. I have been noticing a substantial number of sites acting as OAuth Clients using OAuth to authenticate users. I know several of us have blogged on the issue over the past year so I won't re-hash it here. In short, many of us recommended OIDC as the correct methodology. Never-the-less, I