[OAUTH-WG] Rechartering

2011-10-19 Thread Hannes Tschofenig
Hi all, in preparation of the upcoming IETF meeting Barry and I would like to start a re-chartering discussion. We both are currently attending the Internet Identity Workshop and so we had the chance to solicit input from the participants. This should serve as a discussion starter. Potentia

[OAUTH-WG] Rechartering

2010-09-11 Thread Hannes Tschofenig
Hi all, at the Washington Internet Identity Workshop we had the chance to chat about OAuth. Given the progress on the main specification we should discuss WG re-chartering. The following items had been proposed at the meeting: * Messaging Signing Example: http://www.ietf.org/mail-archive/web

Re: [OAUTH-WG] Rechartering

2011-10-19 Thread Eran Hammer-Lahav
latest version includes a JSON flavor which makes this work redundant. EHL > -Original Message- > From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Hannes Tschofenig > Sent: Wednesday, October 19, 2011 10:09 PM > To: OAuth WG > Subject: [O

Re: [OAUTH-WG] Rechartering

2011-10-20 Thread Anthony Nadalin
these fit. -Original Message- From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Hannes Tschofenig Sent: Wednesday, October 19, 2011 10:09 PM To: OAuth WG Subject: [OAUTH-WG] Rechartering Hi all, in preparation of the upcoming IETF meeting Barry and I would like to

Re: [OAUTH-WG] Rechartering

2011-10-20 Thread Barry Leiba
> do we have the bandwidth to work on all these items, as some are > big and some are fairly small and contained. May have to have some > prioritized list of where people think these fit. Yes, exactly. And one of the things we'd like to hear from all of you is what your priorities are... how you

Re: [OAUTH-WG] Rechartering

2011-10-20 Thread Richer, Justin P.
arry Leiba [barryle...@computer.org] Sent: Thursday, October 20, 2011 12:05 PM To: OAuth WG Subject: Re: [OAUTH-WG] Rechartering > do we have the bandwidth to work on all these items, as some are > big and some are fairly small and contained. May have to have some > prioritized list of where

Re: [OAUTH-WG] Rechartering

2011-10-20 Thread Hannes Tschofenig
up we can handle many of these smaller items. > > -- Justin > > From: oauth-boun...@ietf.org [oauth-boun...@ietf.org] on behalf of Barry > Leiba [barryle...@computer.org] > Sent: Thursday, October 20, 2011 12:05 PM > To: OAuth WG > Subject: Re: [OAUTH-WG] Recharterin

Re: [OAUTH-WG] Rechartering

2011-10-20 Thread Eran Hammer-Lahav
> Cc: OAuth WG; Barry Leiba > Subject: Re: [OAUTH-WG] Rechartering > > Certainly not everyone needs to pay attention to everything. We are, > however, trying to determine whether there is a critical mass of interested > persons for a given item in terms of reviews, document authors, &

Re: [OAUTH-WG] Rechartering

2011-10-20 Thread Eran Hammer-Lahav
> Sent: Thursday, October 20, 2011 9:31 AM > To: Barry Leiba; OAuth WG > Subject: Re: [OAUTH-WG] Rechartering > > I think it will be true that the whole working group won't be focusing on all > documents at the same time, much in the same way that different subsets of > ou

Re: [OAUTH-WG] Rechartering

2011-10-20 Thread Mike Jones
ID Connect to discover OAuth authorization and resource server endpoints. -- Mike -Original Message- From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Hannes Tschofenig Sent: Wednesday, October 19, 2011 10:09 PM To: OAuth WG Subject:

Re: [OAUTH-WG] Rechartering

2011-10-20 Thread Eran Hammer-Lahav
nnes Tschofenig; OAuth WG > Subject: Re: [OAUTH-WG] Rechartering > > Thanks, Hannes. Here's my prioritized list of new work: > > 1. JSON Web Token (JWT) > 2. Simple Web Discovery (SWD) > 3. JSON Web Token (JWT) Bearer Token Profile > 4. Token Revocation >

Re: [OAUTH-WG] Rechartering

2011-10-20 Thread Mike Jones
Because it's intended for (and used for) discovery of OAuth endpoints... -Original Message- From: Eran Hammer-Lahav [mailto:e...@hueniverse.com] Sent: Thursday, October 20, 2011 12:42 PM To: Mike Jones; Hannes Tschofenig; OAuth WG Subject: RE: [OAUTH-WG] Rechartering What pos

Re: [OAUTH-WG] Rechartering

2011-10-20 Thread Eran Hammer-Lahav
PM > To: Eran Hammer-Lahav; Hannes Tschofenig; OAuth WG > Subject: RE: [OAUTH-WG] Rechartering > > Because it's intended for (and used for) discovery of OAuth endpoints... > > -Original Message- > From: Eran Hammer-Lahav [mailto:e...@hueniverse.com] > Sent: Thu

Re: [OAUTH-WG] Rechartering

2011-10-20 Thread Hannes Tschofenig
Message- >> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf >> Of Mike Jones >> Sent: Thursday, October 20, 2011 12:12 PM >> To: Hannes Tschofenig; OAuth WG >> Subject: Re: [OAUTH-WG] Rechartering >> >> Thanks, Hannes. Here's m

Re: [OAUTH-WG] Rechartering

2011-10-20 Thread Igor Faynberg
I agree. To this end, are we going to have a rechartering discussion? I would very much support that. We have a number of things waiting, discovery being one of them. Igor On 10/20/2011 1:18 PM, Hannes Tschofenig wrote: the past that the JSON signature & encryption work would go into JOES

Re: [OAUTH-WG] Rechartering

2011-10-20 Thread Torsten Lodderstedt
Hi all, my prioritization is driven by the goal to make OAuth the authorization framework of choice for any internet standard protocol, such as WebDAV, IMAP, SMTP or SIP. So let me first explain what is missing from my point of view and explain some thoughts how to fill the gaps. A stan

Re: [OAUTH-WG] Rechartering

2011-10-22 Thread Nat Sakimura
Hi. Just a clarification: Although my expired draft is 'request by reference', what was proposed through it at the iiw really is a generalized JSON based claim request capability. It could be passed by value as JSON or could be passed by reference. The latter is an optimization for bandwidth const

Re: [OAUTH-WG] Rechartering

2011-10-22 Thread Eve Maler
Hi Torsten et al., Prioritizing new work items based on an overarching goal seems like a good idea. If Torsten's goal of making OAuth "the authorization framework of choice for any internet protocol" is more widely shared, it gives a useful basis for assessing the proposals consistently. I thin

Re: [OAUTH-WG] Rechartering

2011-10-25 Thread Dan Taflin
Original Message- From: Torsten Lodderstedt [mailto:tors...@lodderstedt.net] Sent: Thursday, October 20, 2011 3:57 PM To: Hannes Tschofenig Cc: OAuth WG Subject: Re: [OAUTH-WG] Rechartering Hi all, my prioritization is driven by the goal to make OAuth the authorization framework of ch

Re: [OAUTH-WG] Rechartering

2011-10-25 Thread Dave Rochwerger
but there is no > way to obtain a new token with a completely different scope without doing > the full oauth dance a second time. > > Dan > > -Original Message- > From: Torsten Lodderstedt [mailto:tors...@lodderstedt.net] > Sent: Thursday, October 20, 2011 3:57 PM >

Re: [OAUTH-WG] Rechartering

2011-10-25 Thread Dan Taflin
earer token implementations. I would like to see this relaxed somewhat. Dan From: Dave Rochwerger [mailto:da...@quizlet.com] Sent: Tuesday, October 25, 2011 4:08 PM To: Dan Taflin Cc: OAuth WG Subject: Re: [OAUTH-WG] Rechartering Is separating this out into 2 different tokens, really the best wa

Re: [OAUTH-WG] Rechartering

2011-10-25 Thread Dave Rochwerger
relaxed somewhat. > > ** ** > > Dan > > ** ** > > *From:* Dave Rochwerger [mailto:da...@quizlet.com] > *Sent:* Tuesday, October 25, 2011 4:08 PM > *To:* Dan Taflin > > *Cc:* OAuth WG > *Subject:* Re: [OAUTH-WG] Rechartering > > ** ** > > Is sepa

Re: [OAUTH-WG] Rechartering

2011-10-26 Thread Eran Hammer-Lahav
2011 3:37 PM > To: OAuth WG > Subject: Re: [OAUTH-WG] Rechartering > > I would like to second Torsten's pitch for the ability to return multiple > access > tokens with a single authorization process. The use case for my company is to > segment operations into two main cate

Re: [OAUTH-WG] Rechartering

2011-10-26 Thread Torsten Lodderstedt
Hi Nat, I think your proposal would be a useful OAuth enhancement. A JSON-based request format would allow for more complex requests (e.g. carrying resource server URLs and corresponding scope values ;-)). Please note: I also think the way this mechanism is introduced and used in the current

Re: [OAUTH-WG] Rechartering

2011-10-26 Thread Igor Faynberg
Dan -Original Message- From: Torsten Lodderstedt [mailto:tors...@lodderstedt.net] Sent: Thursday, October 20, 2011 3:57 PM To: Hannes Tschofenig Cc: OAuth WG Subject: Re: [OAUTH-WG] Rechartering Hi all, my prioritiza

Re: [OAUTH-WG] Rechartering

2011-10-26 Thread Nat Sakimura
Hi Torsten, John and I just refreshed the I-D to be more in-line with what we do with OpenID Connect. http://tools.ietf.org/html/draft-sakimura-oauth-requrl-01 As you point out, this would solve the duplication / non-standard behavior that OpenID Connect requires. Cheers, Nat On Thu, Oct 27,

Re: [OAUTH-WG] Rechartering

2011-10-26 Thread John Bradley
ed, then > refresh it by asking for the different subsets you want. > > EHL > >> -Original Message- >> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf >> Of Dan Taflin >> Sent: Tuesday, October 25, 2011 3:37 PM >> To: OAuth WG >

Re: [OAUTH-WG] Rechartering

2011-10-29 Thread Dick Hardt
-Original Message- >> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf >> Of Dan Taflin >> Sent: Tuesday, October 25, 2011 3:37 PM >> To: OAuth WG >> Subject: Re: [OAUTH-WG] Rechartering >> >> I would like to second Torsten'

Re: [OAUTH-WG] Rechartering

2011-10-29 Thread William Mills
Cc: OAuth WG ; Dan Taflin Sent: Saturday, October 29, 2011 12:07 AM Subject: Re: [OAUTH-WG] Rechartering What if the access tokens come from different authoritative servers? On Oct 26, 2011, at 9:15 AM, Eran Hammer-Lahav wrote: > Why not just ask for one access token with all the scopes you n

Re: [OAUTH-WG] Rechartering

2011-10-29 Thread John Bradley
go with the more secure MAC token in all cases, but it's probably > worth noting how to do this. > > -bill > From: Dick Hardt > To: Eran Hammer-Lahav > Cc: OAuth WG ; Dan Taflin > Sent: Saturday, October 29, 2011 12:07 AM > Subject: Re: [OAUTH-WG] Rechartering >

Re: [OAUTH-WG] Rechartering

2011-10-31 Thread Eran Hammer-Lahav
th WG Subject: Re: [OAUTH-WG] Rechartering What if the access tokens come from different authoritative servers? On Oct 26, 2011, at 9:15 AM, Eran Hammer-Lahav wrote: > Why not just ask for one access token with all the scopes you need, then > refresh it by asking for the different subse

Re: [OAUTH-WG] Rechartering

2011-10-31 Thread Anthony Nadalin
; Dan Taflin Subject: Re: [OAUTH-WG] Rechartering That's a whole different issue as this is about talking to a single server returning two tokens with different scopes. EHL From: Dick Hardt [dick.ha...@gmail.com] Sent: Saturday, October 29, 2011 12:07

Re: [OAUTH-WG] Rechartering

2011-11-15 Thread Dick Hardt
> Cc: OAuth WG; Dan Taflin > Subject: Re: [OAUTH-WG] Rechartering > > That's a whole different issue as this is about talking to a single server > returning two tokens with different scopes. > > EHL > > > From: Dick Hardt [dic

Re: [OAUTH-WG] Rechartering

2010-09-11 Thread Hannes Tschofenig
I forgot an item already, namely 'identity management using OAuth' in the style of OpenID Connect. At IIW we also had a chat about an implementers guide and interoperability tests. The idea of the implementers guide is to create a living document that captures implementation experience with diffe

Re: [OAUTH-WG] Rechartering

2010-09-11 Thread David Recordon
I'd like to see us finish Core before considering re-chartering. :) But to your original question. I'm interested in the UX extension (said I'd edit), device flow (said I'd edit), and the OpenID Connect work which encompasses dynamic registration and likely artifact binding (also editing but outsi

Re: [OAUTH-WG] Rechartering

2010-09-11 Thread Torsten Lodderstedt
Hannes, what about discovery? "Recommendations of commonly used Scope values" sounds too weak from my point of view. I would rather suggest to work towards a clear definition of scope syntax and semantics, including resource server identification. Please note, I submitted an I-D on token revo

Re: [OAUTH-WG] Rechartering

2010-09-13 Thread Christian Scholz
Hi! 2010/9/12 David Recordon > I'd like to see us finish Core before considering re-chartering. :) > > But to your original question. I'm interested in the UX extension (said I'd > edit), device flow (said I'd edit), and the OpenID Connect work which > encompasses dynamic registration and likely

Re: [OAUTH-WG] Rechartering

2010-09-13 Thread Thomas Hardjono
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf > Of Hannes Tschofenig > Sent: Saturday, September 11, 2010 8:00 PM > To: oauth@ietf.org > Subject: [OAUTH-WG] Rechartering > > Hi all, > > at the Washington Internet Identity Workshop we had the

Re: [OAUTH-WG] Rechartering

2010-09-13 Thread Brian Campbell
___ > >> -Original Message- >> From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf >> Of Hannes Tschofenig >> Sent: Saturday, September 11, 2010 8:00 PM >> To: oauth@ietf.org >> Subject: [OAUTH-WG] Rechartering >> >

Re: [OAUTH-WG] Rechartering

2010-09-14 Thread Igor Faynberg
Hannes, Many thanks for putting this together. First, I strongly believe that the work that had already been identified as important and had started needs to be finished, and to this end I consider the item that Torsten had brought forth, on *token revocation*, to be of the highest priority. We

Re: [OAUTH-WG] Rechartering

2010-09-14 Thread Justin Richer
> Third, I think the implementers guide is absolutely essential. > (Interestingly enough, the discussion of white spaces vs. commas in > yesterday's thread has effectively started this work.) In my opinion, > this item must be carried in parallel with others. I wonder if this > should be tied

Re: [OAUTH-WG] Rechartering

2010-09-14 Thread Mark Mcgloin
What about Security Considerations. I know some individuals have worked on it in the past - does it need a WG to complete Mark McGloin Hannes Tschofenig Sent by: oauth-boun...@ietf.org 12/09/2010 00:59 Hi all, at the Washington Internet Identity Workshop we had the chance to chat about OAu

Re: [OAUTH-WG] Rechartering

2010-09-14 Thread Torsten Lodderstedt
I plan to work on that aspect. Do you (or someone else) want to contribute? regards, Torsten. On 14.09.2010 at 17:18, Mark Mcgloin wrote: > What about Security Considerations. I know some individuals have worked on > it in the past - does it need a WG to complete > > > Mark McGloin > > Han

Re: [OAUTH-WG] Rechartering

2010-09-14 Thread Eve Maler
Dynamic authz server discovery and client registration would be needed in OAuth-based identity management. But I would submit that they're needed even apart from it (since I've got that need), and so should be specified modularly, with the identity management piece pointing to it (if it wants t

Re: [OAUTH-WG] Rechartering

2010-09-14 Thread Eliot Lear
On 9/13/10 8:24 PM, Thomas Hardjono wrote: > Hannes, > > I strongly believe that SAML support in OAuth 2.0 and "SAML-interoperability" > is crucial in getting OAuth accepted and deployed in high-assurance > (high-value) environments (eg. government, financials). +1. > As such, if it's ok with Bria

Re: [OAUTH-WG] Rechartering

2010-09-15 Thread Mark Mcgloin
Hi Torsten Yes, I can contribute. Will email you directly to follow up Regards Mark McGloin Torsten Lodderstedt 14/09/2010 17:01 I plan to work on that aspect. Do you (or someone else) want to contribute? regards, Torsten. On 14.09.2010 at 17:18, Mark Mcgloin wrote: > What about Secur

[OAUTH-WG] OAuth WG Rechartering

2012-05-02 Thread Hannes Tschofenig
Hi Stephen, Hi IESG secretary, Derek and myself would like to submit the updated OAuth charter to the IESG. Please find it below. Ciao Hannes -- Web Authorization Protocol (oauth) Description of Working Group The Web Authorization (OAuth) protocol allows a user to grant a third-party W

[OAUTH-WG] Rechartering OAuth: New Charter Text

2016-01-15 Thread Hannes Tschofenig
Hi Barry, as discussed today I am forwarding you the new charter text for the OAuth working group. In parallel to the IESG processing this re-chartering request we will run a call for adoption to also update the milestone list at the same time. Ciao Hannes & Derek -- Ch

Re: [OAUTH-WG] Rechartering JSON based request.

2011-10-26 Thread John Bradley
Nat and I just refreshed the I-D for draft-sakimura-oauth-requrl. It is essentially a standardization of the method we are using in OpenID Connect to make signed requests to the Authorization server. We do have the issue that parameters in the signed/encrypted request necessarily duplicate the

Re: [OAUTH-WG] Rechartering JSON based request.

2011-10-26 Thread Torsten Lodderstedt
Why is it necessary to duplicate the OAuth request parameters? On 27.10.2011 00:31, John Bradley wrote: Nat and I just refreshed the I-D for draft-sakimura-oauth-requrl. It is essentially a standardization of the method we are using in OpenID Connect to make signed requests to the Authoriz

Re: [OAUTH-WG] Rechartering JSON based request.

2011-10-27 Thread Igor Faynberg
On 10/26/2011 6:31 PM, John Bradley wrote: ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Rechartering JSON based request.

2011-10-27 Thread Igor Faynberg
Many thanks for pointing this! It is *absolutely* (not "probably") worth studying. Igor On 10/26/2011 6:31 PM, John Bradley wrote: Nat and I just refreshed the I-D for draft-sakimura-oauth-requrl. It is essentially a standardization of the method we are using in OpenID Connect to make sign

Re: [OAUTH-WG] Rechartering JSON based request.

2011-10-27 Thread John Bradley
Hopefully to make it more compatible with existing OAuth 2 libraries. At least leave open the possibility of dealing with it at a higher level. The argument has been made that you probably need to modify the library anyway to check that the duplicate parameters are a match. If there is conse

Re: [OAUTH-WG] Rechartering JSON based request.

2011-10-27 Thread torsten
-WG] Rechartering JSON based request. Hopefully to make it more compatible with existing OAuth 2 libraries. At least leave open the possibility of dealing with it at a higher level. The argument has been made that you probably need to modify the library anyway to check that the duplicate

Re: [OAUTH-WG] Rechartering JSON based request.

2011-10-27 Thread Phil Hunt
omitted. > > regards, > Torsten. > Sent with BlackBerry® Webmail from Telekom Deutschland > > From: John Bradley > Date: Thu, 27 Oct 2011 13:52:31 -0300 > To: Torsten Lodderstedt > Cc: Nat Sakimura; OAuth WG > Subject: Re: [OAUTH-WG] Rechartering JSON based request. >

Re: [OAUTH-WG] Rechartering JSON based request.

2011-10-27 Thread Mike Jones
] On Behalf Of Phil Hunt Sent: Thursday, October 27, 2011 10:49 AM To: tors...@lodderstedt.net Cc: OAuth WG Subject: Re: [OAUTH-WG] Rechartering JSON based request. John, What is the reason behind having a separate ID_Token from the access Token? I understand the tokens are used to retrieve d

Re: [OAUTH-WG] Rechartering JSON based request.

2011-10-27 Thread Phil Hunt
th-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of > Phil Hunt > Sent: Thursday, October 27, 2011 10:49 AM > To: tors...@lodderstedt.net > Cc: OAuth WG > Subject: Re: [OAUTH-WG] Rechartering JSON based request. > > John, > > What is the reason behind havin

Re: [OAUTH-WG] Rechartering JSON based request.

2011-10-27 Thread George Fletcher
-0300 *To: *Torsten Lodderstedt *Cc: *Nat Sakimura; OAuth WG *Subject: *Re: [OAUTH-WG] Rechartering JSON based request. Hopefully to make it more compatible with existing OAuth 2 libraries. At least leave open the possibility of dealing with it at a higher level. The argument has been made

Re: [OAUTH-WG] Rechartering JSON based request.

2011-10-27 Thread Nat Sakimura
27 Oct 2011 13:52:31 -0300 > *To: *Torsten Lodderstedt > *Cc: *Nat Sakimura ; OAuth WG > > *Subject: *Re: [OAUTH-WG] Rechartering JSON based request. > > Hopefully to make it more compatible with existing OAuth 2 libraries. > At least leave open the possibility of dealing with it

Re: [OAUTH-WG] Rechartering JSON based request.

2011-11-02 Thread Torsten Lodderstedt
Sakimura; OAuth WG *Subject: *Re: [OAUTH-WG] Rechartering JSON based request. Hopefully to make it more compatible with existing OAuth 2 libraries. At least leave open the possibility of dealing with it at a higher level. The argument has been made that you probably need to modify the

Re: [OAUTH-WG] Rechartering JSON based request.

2011-11-02 Thread John Bradley
>>> parameters only. Alternatively, the JSON request style could be adopted as >>> part of OAuth. Then, the URI request parameters could be omitted. >>> >>> regards, >>> Torsten. >>> Gesendet mit BlackBerry® Webmail von Teleko

Re: [OAUTH-WG] Rechartering OAuth: New Charter Text

2016-01-15 Thread Phil Hunt (IDM)
Hannes I would like to propose a brief presentation on "events". While this might not end up being oauth wg activity, I think a lot of attendees may be interested. We might make this one of those if we have time topics. Phil > On Jan 15, 2016, at 12:15, Hannes Tschofenig > wrote: > > Hi B