Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth 2.0 Token Exchange" as an OAuth Working Group Item
Brian Campbell <bcampbell@pingidentity.com> Fri, 08 August 2014 14:28 UTC
Return-Path: <bcampbell@pingidentity.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 288D81B2B23 for <oauth@ietfa.amsl.com>; Fri, 8 Aug 2014 07:28:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.568
X-Spam-Level:
X-Spam-Status: No, score=-3.568 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id egzaEag1JzE5 for <oauth@ietfa.amsl.com>; Fri, 8 Aug 2014 07:28:15 -0700 (PDT)
Received: from na3sys009aog134.obsmtp.com (na3sys009aog134.obsmtp.com [74.125.149.83]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A0E781B2AD7 for <oauth@ietf.org>; Fri, 8 Aug 2014 07:28:14 -0700 (PDT)
Received: from mail-ig0-f174.google.com ([209.85.213.174]) (using TLSv1) by na3sys009aob134.postini.com ([74.125.148.12]) with SMTP ID DSNKU+Teftuk3KIE+t9EmOnhkJqesX2m3C/n@postini.com; Fri, 08 Aug 2014 07:28:14 PDT
Received: by mail-ig0-f174.google.com with SMTP id c1so1098919igq.13 for <oauth@ietf.org>; Fri, 08 Aug 2014 07:28:13 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=ScH16/ldJQ0O819RJQQWGmPP4V1/TA30h43ezbs/g44=; b=Eht4TaZ58gPb7H/FA0pxtCRrzs1MFUVMrk8Ckf4bP+CLoY1h9qWQvSPHekgYmikFy8 AM/ixb1rt4WYhJfmJUIwi4iCJfsIjS+VF3iA8wjA/zJx/kx8ZQlgtGow9axbYVL5L1JK K5jcMJQqbt8rmb2YwWvvnJ+v3PeHEwRnElomoynggJ/l8iPSSB2MF7npbwXF48EXruuS atobjHHLpu8zMLLDRydU+U698U+9DgfU/R5XVj/MW2MhIT0uMAunNuOlsDzobmi/X8l4 qVsRGaA0WVeyUqhV0nd4cwyf6vE2zv9D/oPTysiT6fw2yUkIfeXhuHIzRj7C1cjkVHnY BG0w==
X-Gm-Message-State: ALoCoQkMxYAIs5gJ7RiVA1/txUylXDIYWy41wWojrQKl2e9ZUHmb9O34V+4VLV4KQqpsFErymJl6XMel1d4wmiWN9rGvN28o0zFehiMnFXVAMEPUYWcweMnnjZb/LrvjaU78ss1y9urC
X-Received: by 10.42.214.207 with SMTP id hb15mr12563431icb.30.1407508093885; Fri, 08 Aug 2014 07:28:13 -0700 (PDT)
X-Received: by 10.42.214.207 with SMTP id hb15mr12563409icb.30.1407508093724; Fri, 08 Aug 2014 07:28:13 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.64.150.162 with HTTP; Fri, 8 Aug 2014 07:27:43 -0700 (PDT)
In-Reply-To: <53D6896E.1030701@gmx.net>
References: <53D6896E.1030701@gmx.net>
From: Brian Campbell <bcampbell@pingidentity.com>
Date: Fri, 08 Aug 2014 08:27:43 -0600
Message-ID: <CA+k3eCTJMAGGwt1xhOKuVrEJpQqUhTjXzUM6gx8f_XgHdXzH_A@mail.gmail.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
Content-Type: multipart/alternative; boundary="20cf301cbea2f1ff6505001f035d"
Archived-At: http://mailarchive.ietf.org/arch/msg/oauth/vYthOEVfyoC4T9BSlB9HRi3EOrI
Cc: "oauth-chairs@tools.ietf.org" <oauth-chairs@tools.ietf.org>, "oauth@ietf.org" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Confirmation: Call for Adoption of "OAuth 2.0 Token Exchange" as an OAuth Working Group Item
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Aug 2014 14:28:18 -0000
I am very much in favor of the WG pursuing the general concept of an OAuth Token Exchange. However, I don't believe this document, in its current form anyway, is the necessarily the most appropriate starting point as a WG work item. I wrote up an I-D, which I'd ask to be considered as alternative or additional input into the process: https://datatracker.ietf.org/doc/draft-campbell-oauth-sts/ I don't intend this to be confrontational or "this is better than that" kind of thing. Producing a draft just seemed like the most straightforward way to document some initial thoughts on it. I'm more than open to collaborating on it going forward. On Mon, Jul 28, 2014 at 11:33 AM, Hannes Tschofenig < hannes.tschofenig@gmx.net> wrote: > Hi all, > > during the IETF #90 OAuth WG meeting, there was strong consensus in > adopting the "OAuth 2.0 Token Exchange" > (draft-jones-oauth-token-exchange-01.txt) specification as an OAuth WG > work item. > > We would now like to verify the outcome of this call for adoption on the > OAuth WG mailing list. Here is the link to the document: > http://datatracker.ietf.org/doc/draft-jones-oauth-token-exchange/ > > If you did not hum at the IETF 90 OAuth WG meeting, and have an opinion > as to the suitability of adopting this document as a WG work item, > please send mail to the OAuth WG list indicating your opinion (Yes/No). > > The confirmation call for adoption will last until August 10, 2014. If > you have issues/edits/comments on the document, please send these > comments along to the list in your response to this Call for Adoption. > > Ciao > Hannes & Derek > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > -- [image: Ping Identity logo] <https://www.pingidentity.com/> Brian Campbell Distinquished Engineer @ bcampbell@pingidentity.com [image: phone] +1 720.317.2061 Connect with us… [image: twitter logo] <https://twitter.com/pingidentity> [image: youtube logo] <https://www.youtube.com/user/PingIdentityTV> [image: LinkedIn logo] <https://www.linkedin.com/company/21870> [image: Facebook logo] <https://www.facebook.com/pingidentitypage> [image: Google+ logo] <https://plus.google.com/u/0/114266977739397708540> [image: slideshare logo] <http://www.slideshare.net/PingIdentity> [image: flipboard logo] <http://flip.it/vjBF7> [image: rss feed icon] <https://www.pingidentity.com/blogs/>
- [OAUTH-WG] Confirmation: Call for Adoption of "OA… Hannes Tschofenig
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Brian Campbell
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… John Bradley
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Brian Campbell
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Mike Jones
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… John Bradley
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Brian Campbell
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Hannes Tschofenig
- Re: [OAUTH-WG] Confirmation: Call for Adoption of… Anthony Nadalin