Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth

[Torsten Lodderstedt]

+1

Am 1. September 2015 17:44:12 MESZ, schrieb Mike Jones 
<michael.jo...@microsoft.com>:
>Congratulations, Bill!
>
>-----Original Message-----
>From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Phil Hunt
>Sent: Tuesday, September 01, 2015 8:14 AM
>To: Hannes Tschofenig
>Cc: oauth@ietf.org
>Subject: Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple Authentication
>and Security Layer (SASL) Mechanisms for OAuth
>
>+1 !
>
>Phil
>
>> On Aug 31, 2015, at 23:24, Hannes Tschofenig
><hannes.tschofe...@gmx.net> wrote:
>> 
>> FYI: Thanks to Bill for the hard work!
>> 
>> -------- Forwarded Message --------
>> Subject: RFC 7628 on A Set of Simple Authentication and Security
>Layer
>> (SASL) Mechanisms for OAuth
>> Date: Mon, 31 Aug 2015 21:56:17 -0700 (PDT)
>> From: rfc-edi...@rfc-editor.org
>> Reply-To: i...@ietf.org
>> To: ietf-annou...@ietf.org, rfc-d...@rfc-editor.org
>> CC: kit...@ietf.org, drafts-update-...@iana.org, 
>> rfc-edi...@rfc-editor.org
>> 
>> A new Request for Comments is now available in online RFC libraries.
>> 
>> 
>>        RFC 7628
>> 
>>        Title:      A Set of Simple Authentication
>>                    and Security Layer (SASL) Mechanisms
>>                    for OAuth
>>        Author:     W. Mills, T. Showalter, H. Tschofenig
>>        Status:     Standards Track
>>        Stream:     IETF
>>        Date:       August 2015
>>        Mailbox:    wmills_92...@yahoo.com,
>>                    t...@psaux.com,
>>                    hannes.tschofe...@gmx.net
>>        Pages:      21
>>        Characters: 46408
>>        Updates/Obsoletes/SeeAlso:   None
>> 
>>        I-D Tag:    draft-ietf-kitten-sasl-oauth-23.txt
>> 
>>        URL:       
>https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.rfc-editor.org%2finfo%2frfc7628&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=J1hIDrCTw8Xi1hMvg3ZaZ1xvdEFhol3BqHt2q6u6VWg%3d
>> 
>>        DOI:       
>https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fdx.doi.org%2f10.17487%2fRFC7628&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=%2fQVXZSXwbGDS7YVQ446RDFuPUxHNoLLwedzfrx0xKUE%3d
>> 
>> OAuth enables a third-party application to obtain limited access to a
>
>> protected resource, either on behalf of a resource owner by 
>> orchestrating an approval interaction or by allowing the third-party 
>> application to obtain access on its own behalf.
>> 
>> This document defines how an application client uses credentials 
>> obtained via OAuth over the Simple Authentication and Security Layer
>> (SASL) to access a protected resource at a resource server.  Thereby,
>
>> it enables schemes defined within the OAuth framework for 
>> non-HTTP-based application protocols.
>> 
>> Clients typically store the user's long-term credential.  This does, 
>> however, lead to significant security vulnerabilities, for example, 
>> when such a credential leaks.  A significant benefit of OAuth for 
>> usage in those clients is that the password is replaced by a shared 
>> secret with higher entropy, i.e., the token.  Tokens typically
>provide 
>> limited access rights and can be managed and revoked separately from 
>> the user's long-term password.
>> 
>> This document is a product of the Common Authentication Technology 
>> Next Generation Working Group of the IETF.
>> 
>> This is now a Proposed Standard.
>> 
>> STANDARDS TRACK: This document specifies an Internet Standards Track 
>> protocol for the Internet community, and requests discussion and 
>> suggestions for improvements.  Please refer to the current edition of
>
>> the Official Internet Protocol Standards 
>>
>(https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.
>>
>rfc-editor.org%2fstandards&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=7JPZiamj4nhqHgthEPDIzgpqkvR%2fAA6bj4Ck5vijFPU%3d)
>for the standardization state and status of this protocol. 
>Distribution of this memo is unlimited.
>> 
>> This announcement is sent to the IETF-Announce and rfc-dist lists.
>> To subscribe or unsubscribe, see
>>  
>>
>https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.i
>>
>etf.org%2fmailman%2flistinfo%2fietf-announce&data=01%7c01%7cMichael.Jo
>>
>nes%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f14
>>
>1af91ab2d7cd011db47%7c1&sdata=aGciLH4fsxKJ6MUO%2fPp6BMj3JFJ37oTjdaSJ5t
>> WbEkg%3d  
>>
>https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fmailm
>>
>an.rfc-editor.org%2fmailman%2flistinfo%2frfc-dist&data=01%7c01%7cMicha
>>
>el.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf
>>
>86f141af91ab2d7cd011db47%7c1&sdata=agec9juMh0Zzn1mrY6avpBrLPlFfCs8zsyx
>> 8bSLgDdc%3d
>> 
>> For searching the RFC series, see 
>>
>https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.r
>>
>fc-editor.org%2fsearch&data=01%7c01%7cMichael.Jones%40microsoft.com%7c
>>
>9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c
>> 1&sdata=veVw3wrA9Wz6CWTUfVTLCKAdduFgUDkiaabcuqFyRxc%3d
>> For downloading RFCs, see 
>>
>https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.r
>>
>fc-editor.org%2frfc.html&data=01%7c01%7cMichael.Jones%40microsoft.com%
>>
>7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%
>> 7c1&sdata=93atgoSh8enZBPOxNfMophuutPvidnrfoMxOc0XmjS8%3d
>> 
>> Requests for special distribution should be addressed to either the 
>> author of the RFC in question, or to rfc-edi...@rfc-editor.org.  
>> Unless specifically noted otherwise on the RFC itself, all RFCs are 
>> for unlimited distribution.
>> 
>> 
>> The RFC Editor Team
>> Association Management Solutions, LLC
>> 
>> 
>> 
>> 
>> 
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>>
>https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.i
>>
>etf.org%2fmailman%2flistinfo%2foauth&data=01%7c01%7cMichael.Jones%40mi
>>
>crosoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2
>>
>d7cd011db47%7c1&sdata=ILpgvSqnqwWhHs7BAm7xXpjoUdVRhJhB2G3m%2fTn%2b6gU%
>> 3d
>
>_______________________________________________
>OAuth mailing list
>OAuth@ietf.org
>https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2foauth&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=ILpgvSqnqwWhHs7BAm7xXpjoUdVRhJhB2G3m%2fTn%2b6gU%3d
>
>_______________________________________________
>OAuth mailing list
>OAuth@ietf.org
>https://www.ietf.org/mailman/listinfo/oauth

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth