IETF
oauth@jabber.ietf.org
Monday, March 23, 2015< ^ >
derek has set the subject to: OAuth WG | http://tools.ietf.org/wg/oauth/ | IETF 90 audio stream: http://ietf90streaming.dnsalias.net/ietf/ietf903.m3u
Room Configuration
Room Occupants

GMT+0
[17:54:21] kaduk joins the room
[17:59:22] David Millman joins the room
[17:59:29] tlyu@mit.edu joins the room
[17:59:47] Meetecho joins the room
[18:00:04] <kaduk> Greetings; I will be your jabber scribe for the session.  Please preface comments you would like relayed to the mic with "MIC:"
[18:00:18] Kathleen Moriarty joins the room
[18:00:50] <kaduk> I am not currently planning on typing a summary of what is being said (let me know if you want that), but I will try to indicate what slide we are on.
[18:02:26] wseltzer joins the room
[18:03:10] Steve Olshansky joins the room
[18:03:30] <kaduk> Note Well
[18:03:49] Eduardo Gueiros joins the room
[18:03:54] <kaduk> Agenda slide
[18:04:08] jeff.hodges joins the room
[18:04:18] Ken Murchison joins the room
[18:04:31] <kaduk> WG status
[18:04:33] fenton joins the room
[18:05:17] <kaduk> WG Status, cont.
[18:05:19] zhanna tsitkov joins the room
[18:05:24] <tlyu@mit.edu> audio stream is very faint, but with a whole lot of room noise & reverb, like it's coming off one of the audience mics
[18:06:07] <kaduk> Hmm, I think there was a similar issue in the sacm session this morning; they swapped out an audience mic for the speaker to use
[18:06:33] <kaduk> Are you using the meetecho stream or the m3u?
[18:06:38] <tlyu@mit.edu> m3u
[18:06:46] <fenton> Meetecho is just "spinning" for me, is it working for others? (using non-Jabber flavor)
[18:07:29] <Eduardo Gueiros> I'm full meetecho, can see the slides but audio quality is not so clear
[18:07:43] <kaduk> (another) WG Status, cont.
[18:07:44] <fenton> Oh, I am getting audio (same issue as tlyu) but no slides
[18:07:55] <kaduk> Draft Updates
[18:08:01] <kaduk> on to Justin Richer's presentation
[18:08:13] <kaduk> Looks like http://www.ietf.org/proceedings/92/slides/slides-92-oauth-2.pdf
[18:08:16] <Meetecho> if the webrtc audio is not working (spinning circle) try one of the audio alternatives that are listed in the web page
[18:08:24] <Meetecho> there are RTSP and HTTP (opus and mp3) streams
[18:08:25] <kaduk> page 2
[18:09:19] Erik Wahlstrom joins the room
[18:09:27] Bill Mills joins the room
[18:10:10] <Eduardo Gueiros> audio is much better now
[18:10:34] <fenton> yes
[18:11:21] <kaduk> page 3
[18:13:25] <kaduk> page 4
[18:13:30] <kaduk> page 5
[18:14:38] <kaduk> page 6
[18:15:36] <kaduk> page 7
[18:20:46] <jeff.hodges> is the room mic even on ?
[18:21:07] serrhini mohamed joins the room
[18:21:20] <kaduk> jeff.hodges: maybe
[18:21:47] <kaduk> Brian is trying to say that the expiration might mean different things in the different use cases, but I couldn't really follow the difference.
[18:21:55] <Erik Wahlstrom> Justins is on, others are not :) or sound is not coming through at least.
[18:22:21] <kaduk> Ah, but maybe Justin did understand.
[18:22:26] <fenton> Not hearing the questions, can Justin repeat them?
[18:23:02] <kaduk> How about now?
[18:23:04] <fenton> thanks
[18:23:08] smemery joins the room
[18:23:10] <kaduk> you're welcome
[18:24:47] Lorenzo Miniero joins the room
[18:25:05] Lorenzo Miniero leaves the room
[18:25:47] <kaduk> any hands from the jabber room?  (Indicate which option)
[18:25:55] Erik Wahlstrom leaves the room
[18:26:36] <kaduk> Next presentation: PoP semantics for JWTs
[18:26:47] <kaduk> http://www.ietf.org/proceedings/92/slides/slides-92-oauth-5.pdf
[18:26:51] <kaduk> (page 1)
[18:26:55] David Millman leaves the room
[18:26:57] <kaduk> page 2
[18:27:03] <kaduk> There are only two pages...
[18:29:24] jeff.hodges leaves the room
[18:36:18] William Atwood joins the room
[18:38:04] <kaduk> next presentation...
[18:38:21] <fenton> this speaker is unintelligible...
[18:38:27] <kaduk> Hannes?
[18:38:43] <fenton> Maybe? Is he at a mic? Doesn't sound like it.
[18:38:50] <kaduk> He's currently wrangling volunteers to read the document this week
[18:39:11] <kaduk> He's near-ish the mic at the chairs' table, but not very close to it.
[18:39:32] <fenton> Sounds like this room may have some dead microphones.
[18:40:06] <kaduk> We're pulling up John Bradley's blog post
[18:40:55] <kaduk> http://www.thread-safe.com/2015/01/proof-of-possession-putting-pieces.html I guess
[18:41:40] Erik Wahlstrom joins the room
[18:41:46] smemery leaves the room
[18:41:55] smemery joins the room
[18:41:58] <fenton> Wondering what the relationship of this work is to the new tokbind WG.
[18:42:17] <kaduk> "They are unrelated"
[18:42:26] <fenton> thx
[18:42:55] <kaduk> Hannes was talking again; could you hear?
[18:43:12] <kaduk> The links above and below the "Authorization Request" heading are the two links
[18:43:12] Steve Olshansky leaves the room
[18:43:20] <fenton> Could barely make him out if I turned up the volume a bunch.
[18:43:46] <kaduk> We're in the "Authorization Request"
[18:44:29] <kaduk> Hmm, maybe I need to rescind that "unrelated" bit, given those links...
[18:44:47] <kaduk> Here we're at the "Authorization Response"
[18:45:15] Erik Wahlstrom leaves the room
[18:47:38] <kaduk> Now at "Access Token Request" and now "Response"
[18:49:05] <kaduk> now """The value of the "key" element is..."
[18:50:33] <kaduk> "If the access token is a JWT (JSW or JWE)"
[18:50:38] Erik Wahlstrom joins the room
[18:55:25] Valery Smyslov joins the room
[18:57:43] <kaduk> new presentation
[18:58:03] <fenton> Definitely hearing Hannes well now.
[18:58:10] <kaduk> draft-ietf-oauth-pop-key-distribution
[18:58:11] jon green joins the room
[18:58:19] <kaduk> I don't have powerpoint, so I can't tell which of the slides this is.
[18:58:32] <kaduk> (Hannes is now using the presenter's mic, since he's standing up and giving the presentation)
[18:59:14] <kaduk> (Or rather, I don't have powerpoint on the VM running my jabber client.)
[18:59:23] <kaduk> AS <-> Client Interaction
[18:59:39] <fenton> I'm getting the slides well now on Meetecho, FWIW.
[19:00:28] <kaduk> These are the -3.pptx document, it seems
[19:00:54] <kaduk> (slides-92-oauth-3.pptx)
[19:01:34] <kaduk> "AS creates PoP-enabled access token as defined in ..."
[19:01:44] <kaduk> These slides are not changing the title quickly; it's like an animation
[19:02:07] <kaduk> Response: : PoP access token, 2: key=(with JWK)
[19:02:10] <fenton> Now on slide 5
[19:02:39] <Bill Mills> ket to use with the AS, or did you mean RS?
[19:02:51] <kaduk> key to use with RS
[19:04:25] <kaduk> slide 6 ("summary")
[19:04:33] <kaduk> slide 7
[19:05:32] jon green leaves the room
[19:05:37] <Bill Mills> key should certainly be (able to be) bound to both tokens
[19:06:03] <kaduk> It sounds like we're going to get some list discussion on that topic this week, yes.
[19:06:13] Bill Jouris joins the room
[19:07:19] <smemery> Third open issue: Protect Refresh Token as well as well Access Token?  Proposal ???
[19:09:29] <Bill Mills> new grant type? why?
[19:09:47] <kaduk> You're getting new data structures back?
[19:10:00] <kaduk> Do you want me to ask that at the mic?
[19:11:04] Steve Olshansky joins the room
[19:12:09] <smemery> Isn't there an expiration?
[19:12:44] <kaduk> Which expiration do you mean?  The refresh token?
[19:12:49] <Bill Mills> MIC: POP refresh tokens protect against RS compromise.  Thinking about this it's not clear what the benefit is for POP refresh tokens
[19:13:09] <kaduk> in queue
[19:13:11] <smemery> kaduk: yes.
[19:13:19] <Bill Mills> MIC:  is secret storage more secure than token storage?
[19:13:46] Ken Murchison leaves the room
[19:14:09] <kaduk> sometimes that is measured in months, though, I thought.
[19:14:41] fenton leaves the room
[19:14:46] <smemery> Ah, that would be bad.
[19:16:30] <kaduk> (We're all swapping around the one mic that has a reasonable gain level)
[19:19:29] zhanna tsitkov leaves the room
[19:20:43] Zhanna Tsitkov joins the room
[19:22:28] <kaduk> new presentation
[19:22:36] <kaduk> http://www.ietf.org/proceedings/92/slides/slides-92-oauth-4.pdf
[19:22:39] <kaduk> page 2
[19:23:33] <kaduk> page 3
[19:24:07] <Bill Mills> MIC: http signing, is this what the TokenBinding WG is doing?
[19:24:57] <kaduk> page 4
[19:25:32] William Atwood leaves the room
[19:25:47] <kaduk> page 5
[19:25:57] <Bill Mills> they are awefully close...  this should be one thing not N
[19:27:45] <kaduk> I don't think either group will benefit from trying to smash the two things together into a combined thing.
[19:28:01] <kaduk> page 6
[19:28:41] <tlyu@mit.edu> i get the impression that each approach has use cases that work better with it than with the alternative
[19:29:38] <kaduk> page 7
[19:30:58] <kaduk> [end of presentation]
[19:33:25] <kaduk> (We're pulling up http://www.ietf.org/proceedings/92/slides/slides-92-oauth-6.pdf in the background)
[19:33:46] <kaduk> page 1
[19:33:53] <kaduk> (of 2)
[19:34:45] <kaduk> How is the audio from Mike?
[19:34:55] <Bill Mills> I hear him fine
[19:35:06] <kaduk> yay
[19:35:10] <Bill Mills> as long as he stays close to the mic anyway
[19:35:27] <kaduk> yeah, he went to point at the screen and that was not good, since he is using the mic stand
[19:35:43] <kaduk> [end of presentation]
[19:39:28] <kaduk> (Justin will send an email that points to both)
[19:39:38] <Bill Mills> +1 to pushback on having to make a callout to anpother service..  I get this a lot
[19:40:35] <Bill Mills> one possibility is to allow the perimeter server to sign and POP tokens can also be signed by perimeter servers.
[19:41:16] <Bill Mills> So strip the client sig and the perimeter server does it's own signature.
[19:42:30] <kaduk> Pulling up "Open Redirectors"
[19:42:47] <kaduk> http://www.ietf.org/proceedings/92/slides/slides-92-oauth-7.pdf
[19:42:57] <kaduk> which just showed up on the materials page during the session
[19:43:15] <kaduk> page 1
[19:43:16] <kaduk> page 2
[19:43:32] William Atwood joins the room
[19:46:15] <kaduk> page 3
[19:53:05] <kaduk> new presentation
[19:53:33] <kaduk> http://www.ietf.org/proceedings/92/slides/slides-92-oauth-1.pdf
[19:54:05] <kaduk> And here's Brian, with page 1
[19:54:19] <kaduk> page 2
[19:54:49] <kaduk> page 3
[19:55:46] <kaduk> page 4
[19:56:24] <kaduk> page 5
[19:57:33] <kaduk> page 6
[19:59:19] smemery leaves the room
[20:00:56] <kaduk> "open mic" slide is up (now that we're over time)
[20:01:16] kaduk leaves the room
[20:01:41] Bill Mills leaves the room
[20:01:41] Erik Wahlstrom leaves the room
[20:02:46] Valery Smyslov leaves the room
[20:02:50] tlyu@mit.edu leaves the room
[20:03:04] Zhanna Tsitkov leaves the room
[20:03:11] Meetecho leaves the room
[20:03:11] Eduardo Gueiros leaves the room
[20:04:55] wseltzer joins the room
[20:05:03] serrhini mohamed leaves the room
[20:05:03] William Atwood leaves the room
[20:10:42] Kathleen Moriarty leaves the room
[20:15:31] wseltzer leaves the room
[20:19:01] wseltzer leaves the room
[20:19:31] Steve Olshansky leaves the room
[20:21:41] Kathleen Moriarty joins the room
[20:23:09] Kathleen Moriarty leaves the room
[20:27:57] wseltzer joins the room
[20:28:12] Steve Olshansky joins the room
[20:37:06] Steve Olshansky leaves the room
[21:35:24] wseltzer joins the room
[21:44:32] wseltzer leaves the room
[22:09:02] wseltzer leaves the room
[22:18:50] wseltzer joins the room
[22:20:32] wseltzer joins the room
[22:20:55] wseltzer joins the room
[22:32:02] wseltzer leaves the room
[22:33:02] wseltzer leaves the room
Powered by ejabberd Powered by Erlang Valid XHTML 1.0 Transitional Valid CSS!