< draft-ietf-kitten-sasl-oauth-12.txt		draft-ietf-kitten-sasl-oauth-13.txt >
	KITTEN W. Mills		KITTEN W. Mills
	Internet-Draft Yahoo! Inc.		Internet-Draft Yahoo! Inc.
	Intended status: Standards Track T. Showalter		Intended status: Standards Track T. Showalter
	Expires: June 18, 2014		Expires: August 18, 2014
	H. Tschofenig		H. Tschofenig
	Nokia Solutions and Networks		ARM Ltd.
	December 15, 2013		February 14, 2014
	A set of SASL Mechanisms for OAuth		A set of SASL Mechanisms for OAuth
	draft-ietf-kitten-sasl-oauth-12.txt		draft-ietf-kitten-sasl-oauth-13.txt
	Abstract		Abstract
	OAuth enables a third-party application to obtain limited access to a		OAuth enables a third-party application to obtain limited access to a
	protected resource, either on behalf of a resource owner by		protected resource, either on behalf of a resource owner by
	orchestrating an approval interaction, or by allowing the third-party		orchestrating an approval interaction, or by allowing the third-party
	application to obtain access on its own behalf.		application to obtain access on its own behalf.
	This document defines how an application client uses credentials		This document defines how an application client uses credentials
	obtained via OAuth over the Simple Authentication and Security Layer		obtained via OAuth over the Simple Authentication and Security Layer
	skipping to change at page 2, line 4 ¶		skipping to change at page 2, line 4 ¶
	Internet-Drafts are working documents of the Internet Engineering		Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF). Note that other groups may also distribute		Task Force (IETF). Note that other groups may also distribute
	working documents as Internet-Drafts. The list of current Internet-		working documents as Internet-Drafts. The list of current Internet-
	Drafts is at http://datatracker.ietf.org/drafts/current/.		Drafts is at http://datatracker.ietf.org/drafts/current/.
	Internet-Drafts are draft documents valid for a maximum of six months		Internet-Drafts are draft documents valid for a maximum of six months
	and may be updated, replaced, or obsoleted by other documents at any		and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference		time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."		material or to cite them other than as "work in progress."
	This Internet-Draft will expire on June 18, 2014.		This Internet-Draft will expire on August 18, 2014.
	Copyright Notice		Copyright Notice
	Copyright (c) 2013 IETF Trust and the persons identified as the		Copyright (c) 2014 IETF Trust and the persons identified as the
	document authors. All rights reserved.		document authors. All rights reserved.
	This document is subject to BCP 78 and the IETF Trust's Legal		This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents		Provisions Relating to IETF Documents
	(http://trustee.ietf.org/license-info) in effect on the date of		(http://trustee.ietf.org/license-info) in effect on the date of
	publication of this document. Please review these documents		publication of this document. Please review these documents
	carefully, as they describe your rights and restrictions with respect		carefully, as they describe your rights and restrictions with respect
	to this document. Code Components extracted from this document must		to this document. Code Components extracted from this document must
	include Simplified BSD License text as described in Section 4.e of		include Simplified BSD License text as described in Section 4.e of
	the Trust Legal Provisions and are provided without warranty as		the Trust Legal Provisions and are provided without warranty as
	described in the Simplified BSD License.		described in the Simplified BSD License.
	Table of Contents		Table of Contents
	1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2		1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
	2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5		2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
	3. OAuth SASL Mechanism Specifications . . . . . . . . . . . . . 6		3. OAuth SASL Mechanism Specifications . . . . . . . . . . . . . 6
	3.1. Initial Client Response . . . . . . . . . . . . . . . . . 7		3.1. Initial Client Response . . . . . . . . . . . . . . . . . 7
	3.1.1. Reserved Key/Values . . . . . . . . . . . . . . . . . 7		3.1.1. Reserved Key/Values . . . . . . . . . . . . . . . . . 7
	3.2. Server's Response . . . . . . . . . . . . . . . . . . . . 8		3.2. Server's Response . . . . . . . . . . . . . . . . . . . . 8
	3.2.1. OAuth Identifiers in the SASL Context . . . . . . . . 8		3.2.1. OAuth Identifiers in the SASL Context . . . . . . . . 8
	3.2.2. Server Response to Failed Authentication . . . . . . 8		3.2.2. Server Response to Failed Authentication . . . . . . 8
	3.2.3. Completing an Error Message Sequence . . . . . . . . 9		3.2.3. Completing an Error Message Sequence . . . . . . . . 9
	3.3. OAuth Access Token Types using Keyed Message Digests . . 9		3.3. OAuth Access Token Types using Keyed Message Digests . . 9
	4. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 10		4. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 10
	4.1. Successful Bearer Token Exchange . . . . . . . . . . . . 11		4.1. Successful Bearer Token Exchange . . . . . . . . . . . . 10
	4.2. Failed Exchange . . . . . . . . . . . . . . . . . . . . . 11		4.2. Failed Exchange . . . . . . . . . . . . . . . . . . . . . 11
	4.3. SMTP Example of a Failed Negotiation . . . . . . . . . . 12		4.3. SMTP Example of a Failed Negotiation . . . . . . . . . . 12
	5. Security Considerations . . . . . . . . . . . . . . . . . . . 13		5. Security Considerations . . . . . . . . . . . . . . . . . . . 13
	6. Internationalization Considerations . . . . . . . . . . . . . 14		6. Internationalization Considerations . . . . . . . . . . . . . 14
	7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14		7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14
	7.1. SASL Registration . . . . . . . . . . . . . . . . . . . . 14		7.1. SASL Registration . . . . . . . . . . . . . . . . . . . . 14
	8. References . . . . . . . . . . . . . . . . . . . . . . . . . 15		8. References . . . . . . . . . . . . . . . . . . . . . . . . . 15
	8.1. Normative References . . . . . . . . . . . . . . . . . . 15		8.1. Normative References . . . . . . . . . . . . . . . . . . 15
	8.2. Informative References . . . . . . . . . . . . . . . . . 16		8.2. Informative References . . . . . . . . . . . . . . . . . 16
	Appendix A. Acknowlegements . . . . . . . . . . . . . . . . . . 16		Appendix A. Acknowlegements . . . . . . . . . . . . . . . . . . 16
	Appendix B. Document History . . . . . . . . . . . . . . . . . . 16		Appendix B. Document History . . . . . . . . . . . . . . . . . . 17
	Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19		Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19
	1. Introduction		1. Introduction
	OAuth 1.0a [RFC5849] and OAuth 2.0 [RFC6749] are protocol frameworks		OAuth 1.0a [RFC5849] and OAuth 2.0 [RFC6749] are protocol frameworks
	that enable a third-party application to obtain limited access to a		that enable a third-party application to obtain limited access to a
	protected resource, either on behalf of a resource owner by		protected resource, either on behalf of a resource owner by
	orchestrating an approval interaction, or by allowing the third-party		orchestrating an approval interaction, or by allowing the third-party
	application to obtain access on its own behalf.		application to obtain access on its own behalf.
	skipping to change at page 16, line 18 ¶		skipping to change at page 16, line 18 ¶
	[RFC6749] Hardt, D., "The OAuth 2.0 Authorization Framework", RFC		[RFC6749] Hardt, D., "The OAuth 2.0 Authorization Framework", RFC
	6749, October 2012.		6749, October 2012.
	[RFC6750] Jones, M. and D. Hardt, "The OAuth 2.0 Authorization		[RFC6750] Jones, M. and D. Hardt, "The OAuth 2.0 Authorization
	Framework: Bearer Token Usage", RFC 6750, October 2012.		Framework: Bearer Token Usage", RFC 6750, October 2012.
	8.2. Informative References		8.2. Informative References
	[I-D.ietf-oauth-json-web-token]		[I-D.ietf-oauth-json-web-token]
	Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token		Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token
	(JWT)", draft-ietf-oauth-json-web-token-13 (work in		(JWT)", draft-ietf-oauth-json-web-token-15 (work in
	progress), November 2013.		progress), January 2014.
	[I-D.ietf-oauth-v2-http-mac]		[I-D.ietf-oauth-v2-http-mac]
	Richer, J., Mills, W., Tschofenig, H., and P. Hunt, "OAuth		Richer, J., Mills, W., Tschofenig, H., and P. Hunt, "OAuth
	2.0 Message Authentication Code (MAC) Tokens", draft-ietf-		2.0 Message Authentication Code (MAC) Tokens", draft-ietf-
	oauth-v2-http-mac-04 (work in progress), July 2013.		oauth-v2-http-mac-05 (work in progress), January 2014.
	[RFC3501] Crispin, M., "INTERNET MESSAGE ACCESS PROTOCOL - VERSION		[RFC3501] Crispin, M., "INTERNET MESSAGE ACCESS PROTOCOL - VERSION
	4rev1", RFC 3501, March 2003.		4rev1", RFC 3501, March 2003.
	[RFC5321] Klensin, J., "Simple Mail Transfer Protocol", RFC 5321,		[RFC5321] Klensin, J., "Simple Mail Transfer Protocol", RFC 5321,
	October 2008.		October 2008.
	[RFC6819] Lodderstedt, T., McGloin, M., and P. Hunt, "OAuth 2.0		[RFC6819] Lodderstedt, T., McGloin, M., and P. Hunt, "OAuth 2.0
	Threat Model and Security Considerations", RFC 6819,		Threat Model and Security Considerations", RFC 6819,
	January 2013.		January 2013.
	skipping to change at page 17, line 4 ¶		skipping to change at page 17, line 8 ¶
	Lodderstadt, Ryan Troll, Alexey Melnikov, Jeffrey Hutzelman, and Nico		Lodderstadt, Ryan Troll, Alexey Melnikov, Jeffrey Hutzelman, and Nico
	Williams.		Williams.
	This document was produced under the chairmanship of Alexey Melnikov,		This document was produced under the chairmanship of Alexey Melnikov,
	Tom Yu, Shawn Emery, Josh Howlett, Sam Hartman. The supervising area		Tom Yu, Shawn Emery, Josh Howlett, Sam Hartman. The supervising area
	directors was Stephen Farrell.		directors was Stephen Farrell.
	Appendix B. Document History		Appendix B. Document History
	[[ to be removed by RFC editor before publication as an RFC ]]		[[ to be removed by RFC editor before publication as an RFC ]]
			-13
			o Changed affiliation.
	-12		-12
	o Removed -PLUS components from the specification.		o Removed -PLUS components from the specification.
	-11		-11
	o Removed GSS-API components from the specification.		o Removed GSS-API components from the specification.
	o Updated security consideration section.		o Updated security consideration section.
	skipping to change at page 19, line 24 ¶		skipping to change at page 19, line 31 ¶
	William Mills		William Mills
	Yahoo! Inc.		Yahoo! Inc.
	Email: wmills_92105@yahoo.com		Email: wmills_92105@yahoo.com
	Tim Showalter		Tim Showalter
	Email: tjs@psaux.com		Email: tjs@psaux.com
	Hannes Tschofenig		Hannes Tschofenig
	Nokia Solutions and Networks		ARM Ltd.
	Linnoitustie 6		110 Fulbourn Rd
	Espoo 02600		Cambridge CB1 9NJ
	Finland		Great Britain
	Phone: +358 (50) 4871445		Email: Hannes.tschofenig@gmx.net
	Email: Hannes.Tschofenig@gmx.net
	URI: http://www.tschofenig.priv.at		URI: http://www.tschofenig.priv.at
End of changes. 13 change blocks.
	18 lines changed or deleted		22 lines changed or added
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/