Hi Barry,
as discussed today I am forwarding you the new charter text for the
OAuth working group.
In parallel to the IESG processing this re-chartering request we will
run a call for adoption to also update the milestone list at the same time.
Ciao
Hannes & Derek
--
Hannes
I would like to propose a brief presentation on "events". While this might not
end up being oauth wg activity, I think a lot of attendees may be interested.
We might make this one of those if we have time topics.
Phil
> On Jan 15, 2016, at 12:15, Hannes Tschofenig
Hi Stephen, Hi IESG secretary,
Derek and myself would like to submit the updated OAuth charter to the IESG.
Please find it below.
Ciao
Hannes
--
Web Authorization Protocol (oauth)
Description of Working Group
The Web Authorization (OAuth) protocol allows a user to grant
a third-party
: Re: [OAUTH-WG] Rechartering
That's a whole different issue as this is about talking to a single server
retuning two tokens with different scopes.
EHL
From: Dick Hardt [dick.ha...@gmail.com]
Sent: Saturday, October 29, 2011 12:07 AM
To: Eran
Lodderstedttors...@lodderstedt.net
*Cc: *Nat Sakimurasakim...@gmail.com; OAuth WGoauth@ietf.org
*Subject: *Re: [OAUTH-WG] Rechartering JSON based request.
Hopefully to make it more compatible with existing OAuth 2 libraries.
At least leave open the possibility of dealing with it at a higher
level
® Webmail von Telekom Deutschland
From: John Bradley ve7...@ve7jtb.com
Date: Thu, 27 Oct 2011 13:52:31 -0300
To: Torsten Lodderstedttors...@lodderstedt.net
Cc: Nat Sakimurasakim...@gmail.com; OAuth WGoauth@ietf.org
Subject: Re: [OAUTH-WG] Rechartering JSON based request.
Hopefully to make it more
Subject: Re: [OAUTH-WG] Rechartering
What if the access tokens come from different authoritative servers?
On Oct 26, 2011, at 9:15 AM, Eran Hammer-Lahav wrote:
Why not just ask for one access token with all the scopes you need, then
refresh it by asking for the different subsets you want.
EHL
; Dan Taflin
Subject: Re: [OAUTH-WG] Rechartering
That's a whole different issue as this is about talking to a single server
retuning two tokens with different scopes.
EHL
From: Dick Hardt [dick.ha...@gmail.com]
Sent: Saturday, October 29, 2011 12:07 AM
-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
Of Dan Taflin
Sent: Tuesday, October 25, 2011 3:37 PM
To: OAuth WG
Subject: Re: [OAUTH-WG] Rechartering
I would like to second Torsten's pitch for the ability to return multiple
access
tokens with a single authorization
...@hueniverse.com
Cc: OAuth WG oauth@ietf.org; Dan Taflin dan.taf...@gettyimages.com
Sent: Saturday, October 29, 2011 12:07 AM
Subject: Re: [OAUTH-WG] Rechartering
What if the access tokens come from different authoritative servers?
On Oct 26, 2011, at 9:15 AM, Eran Hammer-Lahav wrote:
Why
, but it's probably
worth noting how to do this.
-bill
From: Dick Hardt dick.ha...@gmail.com
To: Eran Hammer-Lahav e...@hueniverse.com
Cc: OAuth WG oauth@ietf.org; Dan Taflin dan.taf...@gettyimages.com
Sent: Saturday, October 29, 2011 12:07 AM
Subject: Re: [OAUTH-WG] Rechartering
What
Many thanks for pointing this! It is *absolutely* (not probably)
worth studying.
Igor
On 10/26/2011 6:31 PM, John Bradley wrote:
Nat and I just refreshed the I-D for draft-sakimura-oauth-requrl.
It is essentially a standardization of the method we are using in
openID Connect to make
.
Gesendet mit BlackBerry® Webmail von Telekom Deutschland
From: John Bradley ve7...@ve7jtb.com
Date: Thu, 27 Oct 2011 13:52:31 -0300
To: Torsten Lodderstedttors...@lodderstedt.net
Cc: Nat Sakimurasakim...@gmail.com; OAuth WGoauth@ietf.org
Subject: Re: [OAUTH-WG] Rechartering JSON based request
Sent: Thursday, October 27, 2011 10:49 AM
To: tors...@lodderstedt.net
Cc: OAuth WG
Subject: Re: [OAUTH-WG] Rechartering JSON based request.
John,
What is the reason behind having a separate ID_Token from the access Token? I
understand the tokens are used to retrieve different information
Oct 2011 13:52:31 -0300
*To: *Torsten Lodderstedttors...@lodderstedt.net
*Cc: *Nat Sakimurasakim...@gmail.com; OAuth WGoauth@ietf.org
*Subject: *Re: [OAUTH-WG] Rechartering JSON based request.
Hopefully to make it more compatible with existing OAuth 2 libraries.
At least leave open
Lodderstedttors...@lodderstedt.nettors...@lodderstedt.net
*Cc: *Nat Sakimurasakim...@gmail.com sakim...@gmail.com; OAuth WG
oauth@ietf.org oauth@ietf.org
*Subject: *Re: [OAUTH-WG] Rechartering JSON based request.
Hopefully to make it more compatible with existing OAuth 2 libraries.
At least leave open
To: OAuth WG
Subject: Re: [OAUTH-WG] Rechartering
I would like to second Torsten's pitch for the ability to return multiple
access
tokens with a single authorization process. The use case for my company is to
segment operations into two main categories: protected and confidential. (A
possible
Hi Nat,
I think your proposal would be a useful OAuth enhancement. A JSON-based
request format would allow for more complex requests (e.g. carrying
resource server URLs and corresponding scope values ;-)).
Please note: I also think the way this mechanism is introduced and used
in the
HI Torsten,
I and John just refreshed the I-D to be more in-line with what we do with
OpenID Connect.
http://tools.ietf.org/html/draft-sakimura-oauth-requrl-01
As you point out, this would solve the duplication / non-standard behavior
that OpenID Connect requires.
Cheers,
Nat
On Thu, Oct 27,
Nat and I just refreshed the I-D for draft-sakimura-oauth-requrl.
It is essentially a standardization of the method we are using in openID
Connect to make signed requests to the Authorization server.
We do have the issue that parameters in the signed/encrypted request
necessarily duplicate
, then
refresh it by asking for the different subsets you want.
EHL
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
Of Dan Taflin
Sent: Tuesday, October 25, 2011 3:37 PM
To: OAuth WG
Subject: Re: [OAUTH-WG] Rechartering
I would like to second
why is it neccessary to duplicate the OAuth request parameters?
Am 27.10.2011 00:31, schrieb John Bradley:
Nat and I just refreshed the I-D for draft-sakimura-oauth-requrl.
It is essentially a standardization of the method we are using in
openID Connect to make signed requests to the
Lodderstedt [mailto:tors...@lodderstedt.net]
Sent: Thursday, October 20, 2011 3:57 PM
To: Hannes Tschofenig
Cc: OAuth WG
Subject: Re: [OAUTH-WG] Rechartering
Hi all,
my prioritization is driven by the goal to make OAuth the
authorization framework of choice for any internet standard protocol
the full oauth dance a second time.
Dan
-Original Message-
From: Torsten Lodderstedt [mailto:tors...@lodderstedt.net]
Sent: Thursday, October 20, 2011 3:57 PM
To: Hannes Tschofenig
Cc: OAuth WG
Subject: Re: [OAUTH-WG] Rechartering
Hi all,
my prioritization is driven by the goal
like to see this relaxed somewhat.
Dan
From: Dave Rochwerger [mailto:da...@quizlet.com]
Sent: Tuesday, October 25, 2011 4:08 PM
To: Dan Taflin
Cc: OAuth WG
Subject: Re: [OAUTH-WG] Rechartering
Is separating this out into 2 different tokens, really the best way to solve
your use case?
It sounds
]
*Sent:* Tuesday, October 25, 2011 4:08 PM
*To:* Dan Taflin
*Cc:* OAuth WG
*Subject:* Re: [OAUTH-WG] Rechartering
** **
Is separating this out into 2 different tokens, really the best way to
solve your use case?
** **
It sounds to me that you simply want to track/log the two
Hi.
Just a clarification:
Although my expired draft is 'request by reference', what was proposed
through it at the iiw really is a generalized JSON based claim request
capability. It could be passed by value as JSON or could be passed by
reference. The later is an optimization for bandwidth
Hi Torsten et al.,
Prioritizing new work items based on an overarching goal seems like a good
idea. If Torsten's goal of making OAuth the authorization framework of choice
for any internet protocol is more widely shared, it gives a useful basis for
assessing the proposals consistently. I think
these fit.
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of
Hannes Tschofenig
Sent: Wednesday, October 19, 2011 10:09 PM
To: OAuth WG
Subject: [OAUTH-WG] Rechartering
Hi all,
in preparation of the upcoming IETF meeting Barry and I would like to start
do we have the band width to work on all these items, as some are
big and some are fairly small and contained. May have to have some
prioritized list of where people think these fit.
Yes, exactly. And one of the things we'd like to hear from all of you
is what your priorities are... how you
...@computer.org]
Sent: Thursday, October 20, 2011 12:05 PM
To: OAuth WG
Subject: Re: [OAUTH-WG] Rechartering
do we have the band width to work on all these items, as some are
big and some are fairly small and contained. May have to have some
prioritized list of where people think these fit.
Yes
: oauth-boun...@ietf.org [oauth-boun...@ietf.org] on behalf of Barry
Leiba [barryle...@computer.org]
Sent: Thursday, October 20, 2011 12:05 PM
To: OAuth WG
Subject: Re: [OAUTH-WG] Rechartering
do we have the band width to work on all these items, as some are
big and some are fairly small
: Re: [OAUTH-WG] Rechartering
Certainly not everyone needs to pay attention to everything. We are,
however, trying to determine whether there is a critical mass of interested
persons for a given item in terms of reviews, document authors,
implementers, and deployers.
I do not see a problem
, October 20, 2011 9:31 AM
To: Barry Leiba; OAuth WG
Subject: Re: [OAUTH-WG] Rechartering
I think it will be true that the whole working group won't be focusing on all
documents at the same time, much in the same way that different subsets of
our current WG have focused on things like
to discover OAuth
authorization and resource server endpoints.
-- Mike
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of
Hannes Tschofenig
Sent: Wednesday, October 19, 2011 10:09 PM
To: OAuth WG
Subject: [OAUTH-WG
WG
Subject: Re: [OAUTH-WG] Rechartering
Thanks, Hannes. Here's my prioritized list of new work:
1. JSON Web Token (JWT)
2. Simple Web Discovery (SWD)
3. JSON Web Token (JWT) Bearer Token Profile
4. Token Revocation
My prioritized list of existing work items to complete after
Because it's intended for (and used for) discovery of OAuth endpoints...
-Original Message-
From: Eran Hammer-Lahav [mailto:e...@hueniverse.com]
Sent: Thursday, October 20, 2011 12:42 PM
To: Mike Jones; Hannes Tschofenig; OAuth WG
Subject: RE: [OAUTH-WG] Rechartering
What possible
-Lahav; Hannes Tschofenig; OAuth WG
Subject: RE: [OAUTH-WG] Rechartering
Because it's intended for (and used for) discovery of OAuth endpoints...
-Original Message-
From: Eran Hammer-Lahav [mailto:e...@hueniverse.com]
Sent: Thursday, October 20, 2011 12:42 PM
To: Mike Jones; Hannes
...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
Of Mike Jones
Sent: Thursday, October 20, 2011 12:12 PM
To: Hannes Tschofenig; OAuth WG
Subject: Re: [OAUTH-WG] Rechartering
Thanks, Hannes. Here's my prioritized list of new work:
1. JSON Web Token (JWT)
2. Simple Web Discovery (SWD
I agree.
To this end, are we going to have a rechartering discussion? I would
very much support that. We have a number of things waiting, discovery
being one of them.
Igor
On 10/20/2011 1:18 PM, Hannes Tschofenig wrote:
the past that the JSON signature encryption work would go into JOES
Hi all,
my prioritization is driven by the goal to make OAuth the
authorization framework of choice for any internet standard protocol,
such as WebDAV, IMAP, SMTP or SIP. So let me first explain what is
missing from my point of view and explain some thoughts how to fill
the gaps.
A
Hi all,
in preparation of the upcoming IETF meeting Barry and I would like to start a
re-chartering discussion. We both are currently attending the Internet
Identity Workshop and so we had the chance to solicit input from the
participants. This should serve as a discussion starter.
includes a JSON flavor which makes
this work redundant.
EHL
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
Of Hannes Tschofenig
Sent: Wednesday, October 19, 2011 10:09 PM
To: OAuth WG
Subject: [OAUTH-WG] Rechartering
Hi all
Third, I think the implementers guide is absolutely essential.
(Interestingly enough, the discussion of white spaces vs. commas in
yesterday's thread has effectively started this work.) In my opinion,
this item must be carried in parallel with others. I wonder if this
should be tied up
What about Security Considerations. I know some individuals have worked on
it in the past - does it need a WG to complete
Mark McGloin
Hannes Tschofenig hannes.tschofe...@gmx.net
Sent by: oauth-boun...@ietf.org
12/09/2010 00:59
Hi all,
at the Washington Internet Identity Workshop we had
I plan to work on that aspect. Do you (or someone else) want to contribute?
regards,
Torsten.
Am 14.09.2010 um 17:18 schrieb Mark Mcgloin mark.mcgl...@ie.ibm.com:
What about Security Considerations. I know some individuals have worked on
it in the past - does it need a WG to complete
Hi!
2010/9/12 David Recordon record...@gmail.com
I'd like to see us finish Core before considering re-chartering. :)
But to your original question. I'm interested in the UX extension (said I'd
edit), device flow (said I'd edit), and the OpenID Connect work which
encompasses dynamic
...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
Of Hannes Tschofenig
Sent: Saturday, September 11, 2010 8:00 PM
To: oauth@ietf.org
Subject: [OAUTH-WG] Rechartering
Hi all,
at the Washington Internet Identity Workshop we had the chance to chat
about OAuth. Given the progress on the main
...@ietf.org] On Behalf
Of Hannes Tschofenig
Sent: Saturday, September 11, 2010 8:00 PM
To: oauth@ietf.org
Subject: [OAUTH-WG] Rechartering
Hi all,
at the Washington Internet Identity Workshop we had the chance to chat
about OAuth. Given the progress on the main specification we should
discuss
I'd like to see us finish Core before considering re-chartering. :)
But to your original question. I'm interested in the UX extension (said I'd
edit), device flow (said I'd edit), and the OpenID Connect work which
encompasses dynamic registration and likely artifact binding (also editing
but
50 matches
Mail list logo