Hi Bill,

I know that you can reference many specifications.
I already see you being referenced by Eran in an upcoming blog post about the complexity and the lack of interoperability you have added even to SASL Oauth ;-)

Ciao
Hannes

On 8/15/12 9:10 AM, "ext William Mills" <[email protected]> wrote:

> You are mistaken, I cite MAC directly right now, but now that it is up in the air I would much rather rely on 3 specs (Oauth 2 core, Bearer, and 1.0a) than refer to MAC when I think I can do without MAC and use 1.0a instead. MAC is now in flux again, the other 3 are stable or already standards.
>
> I think you are also mistaken that we can't support 1.0a and OAuth 2 tokens in the same SASL mechanism. Why do you think this is true?
>
> From: Hannes Tschofenig <[email protected]>
> To: William Mills <[email protected]>
> Cc: Hannes Tschofenig <[email protected]>; Mike Jones <[email protected]>; O Auth WG <[email protected]>
> Sent: Tuesday, August 14, 2012 10:48 PM
> Subject: Re: [OAUTH-WG] OAuth 1.0a
>
> FYI: just to repeat my note here as well that I sent to Bill on the KITTEN list:
>
> I see three possible ways forward for the OAuth SASL work, namely:
>
>> > Focus on Oauth 1.0 only (since it has a MAC specification in there). Then, you ignore all the Oauth 2.0 deployment that is out there, of which there is a lot. That would be pretty bad IMHO.
>> > Copy relevant parts from http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01 (of which there is almost no deployment).
>> > Wait for the Oauth group to settle on a mechanism. May take time.
>
> I doubt that the question about the views of the WG about OAuth 1.0a can answer any of the above questions.
>
> Bill does not want to wait. He also does not want to copy parts from draft-ietf-oauth-v2-http-mac-01 into the SASL OAuth spec. Focusing on OAuth 1.0 for now would require the specification to be extended later on to fit to OAuth 2.0 deployments (and whatever new security mechanism we will come up with). As a consequence, the specification will then suffer from additional complexity.
>
> Ciao
> Hannes
>
> On Aug 14, 2012, at 10:37 PM, William Mills wrote:
>
>> > It's for the OAUTH SASL spec. I've been writing it with the idea that OAuth 1.0a would work (since I think we'll have extant 1.0a type tokens we want to allow for IMAP), but several folks were saying when this all started that 1.0a was dead and I should not refer to it.
>> >
>> > I want to make sure the SASL mechanism is built to properly handle signed auth schemes and not just bearer (cookie) type.
>> >
>> > -bill
>> >
>> > From: Mike Jones <[email protected]>
>> > To: William Mills <[email protected]>; O Auth WG <[email protected]>
>> > Sent: Tuesday, August 14, 2012 12:28 PM
>> > Subject: RE: [OAUTH-WG] OAuth 1.0a
>> >
>> > What problem are you trying to solve?
>> >
>> > From: [email protected] [mailto:[email protected]] On Behalf Of William Mills
>> > Sent: Tuesday, August 14, 2012 12:22 PM
>> > To: O Auth WG
>> > Subject: [OAUTH-WG] OAuth 1.0a
>> >
>> > What's the general opinion on 1.0a? Am I stepping in something if I refer to it in another draft? I want to reference an auth scheme that uses signing and now MAC is apparently going back to the drawing board, so I'm thinking about using 1.0a.
>> >
>> > Thanks,
>> >
>> > -bill
>> >
>> > _______________________________________________
>> > OAuth mailing list
>> > [email protected]
>> > https://www.ietf.org/mailman/listinfo/oauth
>
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth
