| < draft-ietf-kitten-sasl-oauth-01.txt | draft-ietf-kitten-sasl-oauth-02.txt > | |||
|---|---|---|---|---|
| KITTEN W. Mills | KITTEN W. Mills | |||
| Internet-Draft Yahoo! Inc. | Internet-Draft Yahoo! Inc. | |||
| Intended status: Standards Track T. Showalter | Intended status: Standards Track T. Showalter | |||
| Expires: December 1, 2012 | Expires: February 5, 2013 | |||
| H. Tschofenig | H. Tschofenig | |||
| Nokia Siemens Networks | Nokia Siemens Networks | |||
| May 30, 2012 | August 4, 2012 | |||
| A SASL and GSS-API Mechanism for OAuth | A SASL and GSS-API Mechanism for OAuth | |||
| draft-ietf-kitten-sasl-oauth-01 | draft-ietf-kitten-sasl-oauth-02 | |||
| Abstract | Abstract | |||
| OAuth enables a third-party application to obtain limited access to a | OAuth enables a third-party application to obtain limited access to a | |||
| protected resource, either on behalf of a resource owner by | protected resource, either on behalf of a resource owner by | |||
| orchestrating an approval interaction, or by allowing the third-party | orchestrating an approval interaction, or by allowing the third-party | |||
| application to obtain access on its own behalf. | application to obtain access on its own behalf. | |||
| This document defines how an application client uses OAuth over the | This document defines how an application client uses OAuth over the | |||
| Simple Authentication and Security Layer (SASL) or the Generic | Simple Authentication and Security Layer (SASL) or the Generic | |||
| skipping to change at page 2, line 4 ¶ | skipping to change at page 2, line 4 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on December 1, 2012. | This Internet-Draft will expire on February 5, 2013. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2012 IETF Trust and the persons identified as the | Copyright (c) 2012 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 3, line 11 ¶ | skipping to change at page 3, line 11 ¶ | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 7 | 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 3. OAuth SASL Mechanism Specification . . . . . . . . . . . . . . 8 | 3. OAuth SASL Mechanism Specification . . . . . . . . . . . . . . 8 | |||
| 3.1. Initial Client Response . . . . . . . . . . . . . . . . . 8 | 3.1. Initial Client Response . . . . . . . . . . . . . . . . . 8 | |||
| 3.1.1. Reserved Key/Values in OAUTH . . . . . . . . . . . . . 8 | 3.1.1. Reserved Key/Values in OAUTH . . . . . . . . . . . . . 9 | |||
| 3.2. Server's Response . . . . . . . . . . . . . . . . . . . . 9 | 3.2. Server's Response . . . . . . . . . . . . . . . . . . . . 9 | |||
| 3.2.1. Mapping to SASL Identities . . . . . . . . . . . . . . 9 | 3.2.1. Mapping to SASL Identities . . . . . . . . . . . . . . 9 | |||
| 3.2.2. Server response to failed authentication. . . . . . . 10 | 3.2.2. Server response to failed authentication. . . . . . . 10 | |||
| 3.3. Use of Signature Type Authorization . . . . . . . . . . . 10 | 3.3. Use of Signature Type Authorization . . . . . . . . . . . 10 | |||
| 3.4. Channel Binding . . . . . . . . . . . . . . . . . . . . . 11 | 3.4. Channel Binding . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 4. GSS-API OAuth Mechanism Specification . . . . . . . . . . . . 12 | 4. GSS-API OAuth Mechanism Specification . . . . . . . . . . . . 13 | |||
| 5. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 | 5. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 | |||
| 5.1. Successful Bearer Token Exchange . . . . . . . . . . . . . 13 | 5.1. Successful Bearer Token Exchange . . . . . . . . . . . . . 14 | |||
| 5.2. MAC Authentication with Channel Binding . . . . . . . . . 13 | 5.2. MAC Authentication with Channel Binding . . . . . . . . . 14 | |||
| 5.3. Failed Exchange . . . . . . . . . . . . . . . . . . . . . 14 | 5.3. Failed Exchange . . . . . . . . . . . . . . . . . . . . . 15 | |||
| 5.4. Failed Channel Binding . . . . . . . . . . . . . . . . . . 15 | 5.4. Failed Channel Binding . . . . . . . . . . . . . . . . . . 16 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 16 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 17 | |||
| 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 | |||
| 7.1. SASL Registration . . . . . . . . . . . . . . . . . . . . 17 | 7.1. SASL Registration . . . . . . . . . . . . . . . . . . . . 18 | |||
| 7.2. GSS-API Registration . . . . . . . . . . . . . . . . . . . 17 | 7.2. GSS-API Registration . . . . . . . . . . . . . . . . . . . 18 | |||
| 8. Appendix A -- Document History . . . . . . . . . . . . . . . . 18 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 19 | |||
| 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 19 | 8.1. Normative References . . . . . . . . . . . . . . . . . . . 19 | |||
| 9.1. Normative References . . . . . . . . . . . . . . . . . . . 19 | 8.2. Informative References . . . . . . . . . . . . . . . . . . 20 | |||
| 9.2. Informative References . . . . . . . . . . . . . . . . . . 20 | Appendix A. Document History . . . . . . . . . . . . . . . . . . 21 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 21 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 22 | |||
| 1. Introduction | 1. Introduction | |||
| OAuth [I-D.ietf-oauth-v2] enables a third-party application to obtain | OAuth [I-D.ietf-oauth-v2] enables a third-party application to obtain | |||
| limited access to a protected resource, either on behalf of a | limited access to a protected resource, either on behalf of a | |||
| resource owner by orchestrating an approval interaction, or by | resource owner by orchestrating an approval interaction, or by | |||
| allowing the third-party application to obtain access on its own | allowing the third-party application to obtain access on its own | |||
| behalf. The core OAuth specification [I-D.ietf-oauth-v2] does not | behalf. The core OAuth specification [I-D.ietf-oauth-v2] does not | |||
| define the interaction between the client and the resource server | define the interaction between the client and the resource server | |||
| with the access to a protected resource using an Access Token. This | with the access to a protected resource using an Access Token. This | |||
| skipping to change at page 8, line 17 ¶ | skipping to change at page 8, line 17 ¶ | |||
| SASL is used as a generalized authentication method in a variety of | SASL is used as a generalized authentication method in a variety of | |||
| application layer protocols. This document defines two SASL | application layer protocols. This document defines two SASL | |||
| mechanisms for usage with OAuth: "OAUTH" and "OAUTH-PLUS". The | mechanisms for usage with OAuth: "OAUTH" and "OAUTH-PLUS". The | |||
| "OAUTH" SASL mechanism enables OAuth authorizattion schemes for SASL, | "OAUTH" SASL mechanism enables OAuth authorizattion schemes for SASL, | |||
| "OAUTH-PLUS" adds channel binding [RFC5056] capability for additional | "OAUTH-PLUS" adds channel binding [RFC5056] capability for additional | |||
| security guarantees. | security guarantees. | |||
| 3.1. Initial Client Response | 3.1. Initial Client Response | |||
| Client responses are a key/value pair sequence. These key/value | Client responses are a key/value pair sequence. These key/value | |||
| pairs carry the equivalent values form an HTTP context in order to be | pairs carry the equivalent values from an HTTP context in order to be | |||
| able to complete an OAuth style HTTP authorization. The ABNF | able to complete an OAuth style HTTP authorization. The ABNF | |||
| [RFC2234] syntax is: | [RFC5234] syntax is | |||
| kvsep = %x01 | kvsep = %x01 | |||
| key = 1*ALPHA | key = 1*ALPHA | |||
| value = *(VCHAR | SP | HTAB | CR | LF ) | value = *(VCHAR | SP | HTAB | CR | LF ) | |||
| kvpair = key "=" value kvsep | kvpair = key "=" value kvsep | |||
| client_resp = 1*kvpair kvsep | client_resp = 1*kvpair kvsep | |||
| The following key/value pairs are defined in the client response: | The following key/value pairs are defined in the client response: | |||
| auth (REQUIRED): The payload of the HTTP Authorization header for | auth (REQUIRED): The payload of the HTTP Authorization header for | |||
| an equivalent HTTP OAuth authroization. | an equivalent HTTP OAuth authroization. | |||
| user (REQUIRED): Contains the user name being authenticated. The | ||||
| server MAY use this as a routing or database lookup hint. The | ||||
| server MUST NOT use this as authoritative, the user name MUST | ||||
| be asserted by the OAuth credential. | ||||
| host: Contains the host name to which the client connected. | host: Contains the host name to which the client connected. | |||
| port: Contains the port number represented as a decimal positive | port: Contains the port number represented as a decimal positive | |||
| integer string without leading zeros to which the client | integer string without leading zeros to which the client | |||
| connected. | connected. | |||
| In authorization schemes that use signatures, the client MUST send | In authorization schemes that use signatures, the client MUST send | |||
| host and port number key/values, and the server MUST fail | host and port number key/values, and the server MUST fail an | |||
| authorization request requiring signatures that do not have host and | authorization request requiring signatures that does not have host | |||
| port values. | and port values. | |||
| 3.1.1. Reserved Key/Values in OAUTH | 3.1.1. Reserved Key/Values in OAUTH | |||
| In the OAUTH mechanism values for path, query string and post body | In the OAUTH mechanism values for path, query string and post body | |||
| are assigned default values. OAuth authorization schemes MAY define | are assigned default values. OAuth authorization schemes MAY define | |||
| usage of these in the SASL context and extend this specification. | usage of these in the SASL context and extend this specification. | |||
| For OAuth schemes that use request signatures the default values MUST | For OAuth schemes that use request signatures the default values MUST | |||
| be used unless explict values are provided in the client response. | be used unless explict values are provided in the client response. | |||
| The following key values are reserved for future use: | The following key values are reserved for future use: | |||
| skipping to change at page 9, line 38 ¶ | skipping to change at page 9, line 45 ¶ | |||
| completing the SASL negotiation. The authentication scheme MUST | completing the SASL negotiation. The authentication scheme MUST | |||
| carry the user ID to be used as the authorization identity (identity | carry the user ID to be used as the authorization identity (identity | |||
| to act as). The server MUST use the ID obtained from the credential | to act as). The server MUST use the ID obtained from the credential | |||
| as the user being authorized. | as the user being authorized. | |||
| 3.2.1. Mapping to SASL Identities | 3.2.1. Mapping to SASL Identities | |||
| Some OAuth mechanisms can provide both an authorization identity and | Some OAuth mechanisms can provide both an authorization identity and | |||
| an authentication identity. An example of this is OAuth 1.0a | an authentication identity. An example of this is OAuth 1.0a | |||
| [RFC5849] where the consumer key (oauth_consumer_key) identifies the | [RFC5849] where the consumer key (oauth_consumer_key) identifies the | |||
| entity using to token which equates to the SASL authentication | entity using the token which equates to the SASL authentication | |||
| identity, and is authenticated using the shared secret. The | identity, and is authenticated using the shared secret. The | |||
| authorization identity in the OAuth 1.0a case is carried in the token | authorization identity in the OAuth 1.0a case is carried in the token | |||
| (per the requirement above), which SHOULD validated independently. | (per the requirement above), which SHOULD be validated independently. | |||
| The server MAY use a consumer key, a value derived from it, or other | The server MAY use a consumer key, a value derived from it, or other | |||
| comparable identity in the OAuth authorization scheme as the SASL | comparable identity in the OAuth authorization scheme as the SASL | |||
| authentication identity. If an appropriate authentication identity | authentication identity. If an appropriate authentication identity | |||
| is not available the server MUST use the authorization identity as | is not available the server MUST use the authorization identity as | |||
| the wuthentication identity. | the authentication identity. | |||
| 3.2.2. Server response to failed authentication. | 3.2.2. Server response to failed authentication. | |||
| For a failed authentication the server returns a JSON [RFC4627] | For a failed authentication the server returns a JSON [RFC4627] | |||
| formatted error result, and fails the authentication. The error | formatted error result, and fails the authentication. The error | |||
| result consists of the following values: | result consists of the following values: | |||
| status (REQUIRED): The authorization error code. Valid error | status (REQUIRED): The authorization error code. Valid error | |||
| codes are defined in the IANA [[need registry name]] registry | codes are defined in the IANA [[need registry name]] registry | |||
| specified in the OAuth 2 core specification. | specified in the OAuth 2 core specification. | |||
| schemes (REQUIRED): A space separated list of the OAuth | ||||
| authroization schemes supported by the server, i.e. "bearer" or | ||||
| "bearer mac". | ||||
| scope (OPTIONAL): The OAuth scope required to access the service. | scope (OPTIONAL): The OAuth scope required to access the service. | |||
| If the resource server provides a scope the client SHOULD always | If the resource server provides a scope the client SHOULD always | |||
| request scoped tokens from the token endpoint. The client MAY use a | request scoped tokens from the token endpoint. The client MAY use a | |||
| scope other than the one provided by the resource server. Scopes | scope other than the one provided by the resource server. Scopes | |||
| other than those advertised by the resource server are be defined by | other than those advertised by the resource server are be defined by | |||
| the resource owner and provided in service documentation or discovery | the resource owner and provided in service documentation or discovery | |||
| information (which is beyond the scope of this memo). If not present | information (which is beyond the scope of this memo). If not present | |||
| then the client SHOULD presume an empty scope (unscoped token) is | then the client SHOULD presume an empty scope (unscoped token) is | |||
| needed. | needed. | |||
| skipping to change at page 18, line 5 ¶ | skipping to change at page 19, line 5 ¶ | |||
| Note: None | Note: None | |||
| 7.2. GSS-API Registration | 7.2. GSS-API Registration | |||
| IANA is further requested to assign an OID for this GSS mechanism in | IANA is further requested to assign an OID for this GSS mechanism in | |||
| the SMI numbers registry, with the prefix of | the SMI numbers registry, with the prefix of | |||
| iso.org.dod.internet.security.mechanisms (1.3.6.1.5.5) and to | iso.org.dod.internet.security.mechanisms (1.3.6.1.5.5) and to | |||
| reference this specification in the registry. | reference this specification in the registry. | |||
| 8. Appendix A -- Document History | 8. References | |||
| [[ to be removed by RFC editor before publication as an RFC ]] | ||||
| -01 | ||||
| o Ripping out discovery. Changed to refer to I-D.jones-appsawg- | ||||
| webfinger instead of WF and SWD older drafts. | ||||
| o Replacing HTTP as the message format and adjusted all examples. | ||||
| -00 | ||||
| o Renamed draft into proper IETF naming format now that it's | ||||
| adopted. | ||||
| o Minor fixes. | ||||
| -00 | ||||
| o Initial revision | ||||
| 9. References | ||||
| 9.1. Normative References | 8.1. Normative References | |||
| [I-D.ietf-oauth-v2] | [I-D.ietf-oauth-v2] | |||
| Hammer-Lahav, E., Recordon, D., and D. Hardt, "The OAuth | Hardt, D., "The OAuth 2.0 Authorization Framework", | |||
| 2.0 Authorization Framework", draft-ietf-oauth-v2-26 (work | draft-ietf-oauth-v2-31 (work in progress), August 2012. | |||
| in progress), May 2012. | ||||
| [I-D.ietf-oauth-v2-bearer] | [I-D.ietf-oauth-v2-bearer] | |||
| Jones, M., Hardt, D., and D. Recordon, "The OAuth 2.0 | Jones, M. and D. Hardt, "The OAuth 2.0 Authorization | |||
| Authorization Protocol: Bearer Tokens", | Framework: Bearer Token Usage", | |||
| draft-ietf-oauth-v2-bearer-19 (work in progress), | draft-ietf-oauth-v2-bearer-23 (work in progress), | |||
| April 2012. | August 2012. | |||
| [I-D.ietf-oauth-v2-http-mac] | [I-D.ietf-oauth-v2-http-mac] | |||
| Hammer-Lahav, E., "HTTP Authentication: MAC Access | Hammer-Lahav, E., "HTTP Authentication: MAC Access | |||
| Authentication", draft-ietf-oauth-v2-http-mac-01 (work in | Authentication", draft-ietf-oauth-v2-http-mac-01 (work in | |||
| progress), February 2012. | progress), February 2012. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| [RFC2234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax | ||||
| Specifications: ABNF", RFC 2234, November 1997. | ||||
| [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., | [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., | |||
| Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext | Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext | |||
| Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. | Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. | |||
| [RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., | [RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., | |||
| Leach, P., Luotonen, A., and L. Stewart, "HTTP | Leach, P., Luotonen, A., and L. Stewart, "HTTP | |||
| Authentication: Basic and Digest Access Authentication", | Authentication: Basic and Digest Access Authentication", | |||
| RFC 2617, June 1999. | RFC 2617, June 1999. | |||
| [RFC2743] Linn, J., "Generic Security Service Application Program | [RFC2743] Linn, J., "Generic Security Service Application Program | |||
| skipping to change at page 20, line 6 ¶ | skipping to change at page 19, line 51 ¶ | |||
| [RFC4422] Melnikov, A. and K. Zeilenga, "Simple Authentication and | [RFC4422] Melnikov, A. and K. Zeilenga, "Simple Authentication and | |||
| Security Layer (SASL)", RFC 4422, June 2006. | Security Layer (SASL)", RFC 4422, June 2006. | |||
| [RFC4627] Crockford, D., "The application/json Media Type for | [RFC4627] Crockford, D., "The application/json Media Type for | |||
| JavaScript Object Notation (JSON)", RFC 4627, July 2006. | JavaScript Object Notation (JSON)", RFC 4627, July 2006. | |||
| [RFC5056] Williams, N., "On the Use of Channel Bindings to Secure | [RFC5056] Williams, N., "On the Use of Channel Bindings to Secure | |||
| Channels", RFC 5056, November 2007. | Channels", RFC 5056, November 2007. | |||
| [RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax | ||||
| Specifications: ABNF", STD 68, RFC 5234, January 2008. | ||||
| [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security | [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security | |||
| (TLS) Protocol Version 1.2", RFC 5246, August 2008. | (TLS) Protocol Version 1.2", RFC 5246, August 2008. | |||
| [RFC5801] Josefsson, S. and N. Williams, "Using Generic Security | [RFC5801] Josefsson, S. and N. Williams, "Using Generic Security | |||
| Service Application Program Interface (GSS-API) Mechanisms | Service Application Program Interface (GSS-API) Mechanisms | |||
| in Simple Authentication and Security Layer (SASL): The | in Simple Authentication and Security Layer (SASL): The | |||
| GS2 Mechanism Family", RFC 5801, July 2010. | GS2 Mechanism Family", RFC 5801, July 2010. | |||
| [RFC5849] Hammer-Lahav, E., "The OAuth 1.0 Protocol", RFC 5849, | [RFC5849] Hammer-Lahav, E., "The OAuth 1.0 Protocol", RFC 5849, | |||
| April 2010. | April 2010. | |||
| skipping to change at page 20, line 28 ¶ | skipping to change at page 20, line 27 ¶ | |||
| for TLS", RFC 5929, July 2010. | for TLS", RFC 5929, July 2010. | |||
| [RFC5988] Nottingham, M., "Web Linking", RFC 5988, October 2010. | [RFC5988] Nottingham, M., "Web Linking", RFC 5988, October 2010. | |||
| [RFC6125] Saint-Andre, P. and J. Hodges, "Representation and | [RFC6125] Saint-Andre, P. and J. Hodges, "Representation and | |||
| Verification of Domain-Based Application Service Identity | Verification of Domain-Based Application Service Identity | |||
| within Internet Public Key Infrastructure Using X.509 | within Internet Public Key Infrastructure Using X.509 | |||
| (PKIX) Certificates in the Context of Transport Layer | (PKIX) Certificates in the Context of Transport Layer | |||
| Security (TLS)", RFC 6125, March 2011. | Security (TLS)", RFC 6125, March 2011. | |||
| 9.2. Informative References | 8.2. Informative References | |||
| [I-D.jones-appsawg-webfinger] | [I-D.jones-appsawg-webfinger] | |||
| Jones, P., Salgueiro, G., and J. Smarr, "WebFinger", | Jones, P., Salgueiro, G., and J. Smarr, "WebFinger", | |||
| draft-jones-appsawg-webfinger-05 (work in progress), | draft-jones-appsawg-webfinger-06 (work in progress), | |||
| May 2012. | June 2012. | |||
| [RFC3501] Crispin, M., "INTERNET MESSAGE ACCESS PROTOCOL - VERSION | [RFC3501] Crispin, M., "INTERNET MESSAGE ACCESS PROTOCOL - VERSION | |||
| 4rev1", RFC 3501, March 2003. | 4rev1", RFC 3501, March 2003. | |||
| Appendix A. Document History | ||||
| [[ to be removed by RFC editor before publication as an RFC ]] | ||||
| -02 | ||||
| o Added the user data element back in. | ||||
| o Minor editorial changes. | ||||
| -01 | ||||
| o Ripping out discovery. Changed to refer to I-D.jones-appsawg- | ||||
| webfinger instead of WF and SWD older drafts. | ||||
| o Replacing HTTP as the message format and adjusted all examples. | ||||
| -00 | ||||
| o Renamed draft into proper IETF naming format now that it's | ||||
| adopted. | ||||
| o Minor fixes. | ||||
| -00 | ||||
| o Initial revision | ||||
| Authors' Addresses | Authors' Addresses | |||
| William Mills | William Mills | |||
| Yahoo! Inc. | Yahoo! Inc. | |||
| Phone: | Phone: | |||
| Email: wmills@yahoo-inc.com | Email: wmills@yahoo-inc.com | |||
| Tim Showalter | Tim Showalter | |||
| End of changes. 23 change blocks. | ||||
| 65 lines changed or deleted | 79 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||