IETF
oauth@jabber.ietf.org
Wednesday, April 6, 2016< ^ >
derek has set the subject to: OAuth WG | http://tools.ietf.org/wg/oauth/ | IETF 90 audio stream: http://ietf90streaming.dnsalias.net/ietf/ietf903.m3u
Room Configuration
Room Occupants

GMT+0
[11:54:46] Tobia Castaldi joins the room
[12:30:51] Tobia Castaldi leaves the room
[12:46:54] Meetecho joins the room
[12:55:12] Jim Fenton joins the room
[12:55:29] Tom Zeller joins the room
[12:56:21] Justin Richer joins the room
[12:56:31] Yoshiro Yoneya joins the room
[12:56:37] Brian Sipos joins the room
[12:58:43] Hiroyuki Goto joins the room
[13:02:43] Roland Hedberg joins the room
[13:03:15] <Justin Richer> Thanks, Jim.
[13:03:27] Derek Atkins joins the room
[13:03:39] <Jim Fenton> Hi…anyone that wants something channeled to the microphone, please prefix your comment with mic:
[13:03:44] <Justin Richer> Hannes: the slides aren't being broadcast to meetecho
[13:03:52] <Meetecho> fixing that
[13:03:55] <Justin Richer> oh, thanks
[13:04:57] <Jim Fenton> IN the meanwhile, I'll try to announce what slide we're on
[13:05:09] <Jim Fenton> slide:"Developments since Yokohama"
[13:05:26] Carsten Bormann joins the room
[13:06:03] derek joins the room
[13:06:22] <Jim Fenton> Let me know when the slides are making it to Meetecho
[13:06:30] Hiroyuki Goto leaves the room
[13:06:31] <derek> I'm still trying to join the meetecho stream...  It connected on Monday ust fine, but right now it seems to be sitting there waiting for WebRTC.
[13:06:54] Hiroyuki Goto joins the room
[13:06:55] <Jim Fenton> FWIW, in the room it shows you on Meetecho, Derek
[13:07:12] <Jim Fenton> slide: NEW Milestones
[13:07:37] <derek> That's nice; my browser is sitting in "Please allow your brower to use your mic and camera", but the popup hasn't come up, and I'mnot getting any audio or slids.
[13:08:00] <Jim Fenton> Slide: "OAuth Security Workshop"
[13:08:19] <Meetecho> we're working on the slides feed
[13:08:57] <Jim Fenton> slide: Manning Publications (Justin/Antonio's book)
[13:09:15] <Justin Richer> Final reviews just went out on Monday!
[13:09:16] <derek> Meetecho: thanks, but I'm not receiving audio, either..  But that could be my end.  I'm reloading the web page.  (worst case I'll restart my browser)
[13:09:20] <Jim Fenton> slide: Agenda
[13:09:30] <Justin Richer> I'm getting audio fine, just no slides. Room video is fine.
[13:09:44] <derek> Justin Richer: which implies it's me..
[13:10:25] <Jim Fenton> Beginning presentation on OAuth mix-up, John Bradley
[13:10:45] <Jim Fenton> slide: Documents
[13:10:50] Derek Atkins leaves the room
[13:10:58] <Justin Richer> (raise hand)
[13:11:20] sftcd joins the room
[13:11:28] седая борода joins the room
[13:11:52] <Jim Fenton> slide: Attackers goals
[13:14:35] Derek Atkins joins the room
[13:14:41] Craig Taylor joins the room
[13:14:50] <Jim Fenton> slide: Authorization endpoint MiM Cause
[13:15:26] <Meetecho> can't seem to be able to show slides to remotes, as our splitter has been bypassed
[13:15:53] <Jim Fenton> Meetecho: Anything we need to do in-room?
[13:15:57] <седая борода> meetecho: is that something we need to fix in the room?  What can we do?
[13:16:21] <Justin Richer> Sounds like someone plugged into the wrong box in the room
[13:16:25] Craig Taylor leaves the room
[13:16:29] craigt joins the room
[13:16:31] <Meetecho> I think the chair needs to attach to our splitter instead of the beamer directly
[13:16:38] <Meetecho> check if a Meetecho guy is still in the room
[13:16:59] <Meetecho> and he'll do that
[13:17:45] <Meetecho> Isorry, I've just been told the chair doesn't want to do that right now
[13:18:53] <Justin Richer> use the mic please
[13:18:57] <Jim Fenton> I just asked the AV guy to do go ahead
[13:18:59] <derek> Can't hear that mic..  
[13:19:01] <Jim Fenton> Having mic problems
[13:19:03] <derek> Ah, there we go!
[13:19:08] <Justin Richer> there
[13:19:42] <Jim Fenton> got video now?
[13:19:48] Craig Taylor joins the room
[13:20:05] <derek> Jim Fenton: not yet, but I seem to be very delayed.
[13:20:53] <Jim Fenton> Phil Hunt at mic
[13:21:06] <Meetecho> video should be fine, it's just the slides that are missing
[13:21:26] <Jim Fenton> Oh, right, I meant slides not video
[13:21:42] <derek> Oh, I thought Jim meant the slides had been fixed.  I'm seeing the Video.
[13:21:59] <Justin Richer> yeah, no slides yet. Someone in-room, Please switch out the plugs during the discussion here.
[13:22:11] <Jim Fenton> I did mean that I thought the slides had been fixed. Oh well.
[13:22:17] <Justin Richer> I vote for the "Random ASs attack"
[13:22:54] <Jim Fenton> The A/V guys just went up and switched some plugs on the slides, but apparently it didn't help
[13:23:12] <Justin Richer> meetecho: the plugs are switched, can we try restarting the slide stream?
[13:23:20] <Justin Richer> (apparently switched anyway)
[13:23:26] <Justin Richer> YAY!
[13:23:27] <Jim Fenton> slide: Token endpoint and RS endpoint MiM
[13:23:33] <derek> SLIDES!!!!
[13:23:37] <Jim Fenton> yay!
[13:23:41] <Meetecho> kudos to the AV guy ;)
[13:23:44] <Justin Richer> I've never been so happy for terrible powerpoint
[13:23:51] <Justin Richer> great job guys
[13:23:53] <derek> Justin Richer: LOL
[13:24:32] <Jim Fenton> If anyone not getting slides, let me know and I'll continue announcing. Otherwise not.
[13:25:35] Kathleen Moriarty joins the room
[13:25:47] <Kathleen Moriarty> FYI- I'm audio only for this session
[13:25:59] Kathleen Moriarty leaves the room
[13:26:10] <Jim Fenton> We're on Dynamic registration slide of mix-up presentation
[13:26:40] Hiroyuki Goto leaves the room
[13:26:49] <Justin Richer> you need to be registered at a bad AS, one way or another. But you can get that registration dynamically more easily.
[13:26:49] <Jim Fenton> Kathleen, do you need announcement of slide changes?
[13:27:07] Hiroyuki Goto joins the room
[13:27:15] <Justin Richer> Same idea with the discovery portion, really. But it's silly to think we can protect against bad static configurations.
[13:29:18] <Jim Fenton> Lots of assumptions about the motivations of fuzzy kittens.
[13:31:59] <Jim Fenton> Phil Hunt at mic again
[13:33:36] Anderson Freitas joins the room
[13:34:11] <Justin Richer> also: http://oauth.net/articles/authentication/
[13:34:19] Roger Carney joins the room
[13:37:15] Anderson Freitas leaves the room
[13:38:23] <Justin Richer> mic: does this require a bit of a race condition in the attack? Or are there legitimate ways to keep the victim from using the code?
[13:38:40] Derek Atkins leaves the room
[13:39:37] <Jim Fenton> Barry will be channeling you, Justin
[13:39:41] <Justin Richer> thank you
[13:40:55] <Justin Richer> OK, that makes sense -- I'm trying to solidify the preconditions
[13:43:27] derek leaves the room
[13:44:41] Karen O'Donoghue joins the room
[13:45:51] Joseph Ishac joins the room
[13:48:01] Karen O'Donoghue leaves the room
[13:48:51] <Justin Richer> +1 to William's point, it's a mess
[13:49:05] <Roland Hedberg> +1
[13:49:58] Steve Olshansky joins the room
[13:52:14] <Justin Richer> I still think "Random ASs Attack" has a certain punch to it
[13:54:06] Scott Hollenbeck joins the room
[13:54:51] <Justin Richer> possible third option: RFC6819bis
[13:55:08] Hiroyuki Goto leaves the room
[13:55:24] Hiroyuki Goto joins the room
[13:56:11] Carsten Bormann leaves the room
[13:56:32] derek joins the room
[13:57:47] <Justin Richer> mic: oddly, I kinda agree with Phil, and it almost parallels the mobile applications BCP draft.
[13:57:59] Derek Atkins joins the room
[13:58:15] <Justin Richer> (which is to say, put it into an "if you're doing things this way, do these mitigations" draft)
[13:59:01] Joseph Ishac leaves the room
[13:59:05] Joseph Ishac joins the room
[13:59:29] <Justin Richer> meetecho: video seems frozen for me
[13:59:34] Carsten Bormann joins the room
[13:59:47] <Meetecho> Justin Richer: have you tried rejoining??
[13:59:57] <Meetecho> (sorry didn't mean to add the double question mark :) )
[14:00:05] Joseph Ishac leaves the room
[14:00:12] Hiroyuki Goto leaves the room
[14:00:19] hiroyuki goto joins the room
[14:00:19] <Justin Richer> I would but I don't want to miss the audio stream as I go through the reconnect rigormorall
[14:00:46] <Roland Hedberg> I have the same problem as Justin
[14:01:32] <Justin Richer> room video is live again
[14:01:35] <Roland Hedberg> Ah, solved it ! Thanks
[14:01:48] <Justin Richer> Jim, are the slides still on the "it succeeds because"?
[14:02:00] <Justin Richer> PPT edit mode
[14:02:24] <Justin Richer> +1 to Barry's idea, that's a good management
[14:04:02] <Jim Fenton> On Mike Jones title slide now, are you seeing that?
[14:04:21] <Justin Richer> yup, that's good
[14:04:23] <Justin Richer> thanks
[14:04:40] <Jim Fenton> (sorry, looked away from Jabber for a few min)
[14:04:43] <Justin Richer> when you're remote, you can't alwas tell if the video is broken or if nothing is happening :)
[14:04:53] <Jim Fenton> could be either
[14:04:57] <Justin Richer> sometimes both
[14:07:41] hiroyuki goto leaves the room
[14:08:25] hiroyuki goto joins the room
[14:09:28] <Justin Richer> it worries me that this seems to encourage late binding the discovery of the AS. I'd bring up the point on themic but it's been brought up on the list already.
[14:09:58] <Jim Fenton> Justin: is that for the mic?
[14:12:34] седая борода leaves the room
[14:13:18] Darshak Thakore joins the room
[14:13:26] Nov Matake joins the room
[14:15:29] <Justin Richer> no, I don't think so
[14:21:44] <Justin Richer> mic: they could, but not with JOSE
[14:21:52] <Justin Richer> drop that, Hannes just said that
[14:26:01] hiroyuki goto leaves the room
[14:34:22] hiroyuki goto joins the room
[14:34:25] <Justin Richer> Yes it's OK
[14:34:46] <Justin Richer> mic: it's impossible to tell the difference between "unknown client" and "interoperability"
[14:35:29] <Jim Fenton> in line
[14:35:39] Steve Olshansky leaves the room
[14:40:26] <Justin Richer> thanks, Jim
[14:41:12] <Justin Richer> but the "threat" is clients get configured and things work?
[14:41:44] <Justin Richer> +1 to william
[14:41:54] <Justin Richer> I realize I'm mostly talking to the air here
[14:43:51] Darshak Thakore leaves the room
[14:46:56] <Justin Richer> this call for design teams and "let's just think about it" is a DoS against the WG
[14:49:07] Nov Matake_2936 joins the room
[14:49:12] Nov Matake leaves the room
[14:50:14] <Jim Fenton> wow, Open Issues is an eyechart
[14:50:47] <Justin Richer> yeah, nearly unreadable over meetecho (@ resolution)
[14:51:22] <Roland Hedberg> You have to get a bigger screen
[14:51:47] <Jim Fenton> makes the blur bigger, doesn't it?
[14:52:05] <Justin Richer> mic: we've got an implementation of my old token chaining draft, we might be able to adapt it
[14:52:18] <Meetecho> if you double click the slides it will take a larger space
[14:52:23] <Meetecho> and should become readable
[14:52:33] <Meetecho> double clicking them again willr estore the original size
[14:52:51] <Roland Hedberg> That is exactly what I did and on a 24' screen it's actually quite readable
[14:52:55] <Justin Richer> meetecho: it's still Brian's fault for making bad slides :)
[14:53:17] <Jim Fenton> especially when most of then are quite nice.
[14:53:26] <Roland Hedberg> It's a horrible slide :-)
[14:54:44] <Justin Richer> just filed it as an issue, we'll get to it someday https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/issues/1055
[14:57:27] sftcd leaves the room
[14:59:02] <Justin Richer> yes, Tony, Microsoft is behind this one ;)
[14:59:29] <Justin Richer> behind on this one, that is
[14:59:54] Donald Coffin joins the room
[15:00:34] hiroyuki goto leaves the room
[15:00:35] Nov Matake_2936 leaves the room
[15:00:47] hiroyuki goto joins the room
[15:00:49] Nov Matake joins the room
[15:02:55] <Jim Fenton> Oooh, I have a project that might want to use that Django OIDC provider.
[15:03:59] <Roland Hedberg> We're extending the Android library that William taked about to support dynamic registration and provider configuration discovery.
[15:04:49] HIROKO SOGA joins the room
[15:05:07] <Roland Hedberg> At the same time we've also some interop testing. No snags so far.
[15:06:48] Steve Olshansky joins the room
[15:07:45] <Jim Fenton> brb
[15:07:57] <Justin Richer> mic: The HEART and SMART projects both use "aud" to do something similar
[15:11:18] <Jim Fenton> back, getting in line
[15:11:40] Dave Taht joins the room
[15:11:45] <Justin Richer> mic: you can still use scope the way DT is now
[15:12:22] <Justin Richer> mic: Adding to Torsten's comment, the combinatorics of the multiple parameters is potentially problematic. I dislike the idea of structured parameters.
[15:12:28] <Justin Richer> (That's a lot on the mic I know.)
[15:12:58] <Justin Richer> I support circumventing Tony wherever possible
[15:13:22] <Justin Richer> mic: yes I'm saying that
[15:13:42] Dave Taht leaves the room
[15:14:44] <Justin Richer> optionality is absolutely key
[15:14:52] <Justin Richer> MS's implementation made it required which is problematic
[15:15:37] <Jim Fenton> is that for mic too?
[15:17:29] Mariko Kobayashi joins the room
[15:18:47] <Justin Richer> thanks
[15:23:24] <Justin Richer> *hand*
[15:23:38] <Roland Hedberg> hummmmm
[15:24:08] <Roland Hedberg> no
[15:24:09] <Jim Fenton> Roland, why?
[15:24:48] <Roland Hedberg> I didn't object I raised my hand by using the 'hum' button.
[15:25:00] <Jim Fenton> oh, you support then?
[15:25:04] <Roland Hedberg> yes
[15:25:06] Yoshiro Yoneya leaves the room
[15:25:10] <Jim Fenton> ok will clarify
[15:25:41] Steve Olshansky leaves the room
[15:26:30] Roland Schott joins the room
[15:26:48] <Roland Hedberg> Waiting for J.B's song and dance ! That he promised at the beginning of the meeting.
[15:27:24] <Derek Atkins> Obviously I can't meet for a beer..
[15:27:39] <Justin Richer> it's a bit of a long commute for me
[15:28:54] Meetecho leaves the room
[15:29:25] Carsten Bormann leaves the room
[15:29:32] Roger Carney leaves the room
[15:29:50] Steve Olshansky joins the room
[15:29:53] <Roland Hedberg> :-)
[15:29:53] <Justin Richer> clap
[15:29:55] <Justin Richer> clap
[15:29:57] <Derek Atkins> THanks everyone!
[15:30:16] <Justin Richer> 👏
[15:30:43] Jim Fenton leaves the room
[15:30:56] Donald Coffin leaves the room
[15:30:56] <derek> ... and.... meetecho ended.
[15:30:56] Tom Zeller leaves the room
[15:30:57] Brian Sipos leaves the room
[15:30:57] HIROKO SOGA leaves the room
[15:30:57] hiroyuki goto leaves the room
[15:30:57] Mariko Kobayashi leaves the room
[15:30:57] Roland Hedberg leaves the room
[15:30:57] Derek Atkins leaves the room
[15:30:58] Nov Matake leaves the room
[15:30:58] Roland Schott leaves the room
[15:31:17] Jim Fenton joins the room
[15:31:22] Craig Taylor leaves the room
[15:31:35] Scott Hollenbeck leaves the room
[15:31:43] Jim Fenton leaves the room
[15:31:48] Justin Richer leaves the room
[15:32:07] Steve Olshansky leaves the room
[15:32:20] derek leaves the room
[15:56:13] lemongrab joins the room
[15:56:47] lemongrab leaves the room
[15:59:59] craigt leaves the room
[16:58:26] Carsten Bormann joins the room
[17:01:06] Carsten Bormann leaves the room
[17:11:21] lemongrab joins the room
[17:11:50] lemongrab leaves the room
[18:54:47] craigt joins the room
[18:59:49] craigt leaves the room
[19:10:10] craigt joins the room
[20:37:15] craigt leaves the room
Powered by ejabberd - robust, scalable and extensible XMPP server Powered by Erlang Valid XHTML 1.0 Transitional Valid CSS!