ative.org/confluence/display/uma/UMA+Implementations
[2] https://tools.ietf.org/html/draft-maler-oauth-umagrant
[3] https://tools.ietf.org/html/draft-maler-oauth-umafedauthz
*Eve Maler*Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
___
OAut
/bcp190 <https://tools.ietf.org/html/bcp190>, but
> I think it's a good source of inspiration)
> ___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
Eve Maler | cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl |
Calendar: xmlg...@gmail.com
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
the two parties then they will certainly be a
challenge to get this done securely.
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756 http://www.twitter.com/xmlgrrl
___
OAuth mailing list
OAuth
://www.ietf.org/mailman/listinfo/oauth
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756 http://www.twitter.com/xmlgrrl
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo
https://www.ietf.org/mailman/listinfo/oauth
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756 http://www.twitter.com/xmlgrrl
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman
make sense?
Should I go with it?
--
Thomas Broyer
/tɔ.ma.bʁwa.je/
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756
with this refactoring, I expect both documents to
move in tandem through the RFC approval process.
-- Justin
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756 http://www.twitter.com/xmlgrrl
___
OAuth
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Eve Maler http://www.xmlgrrl.com
portal. The only
difference is that they don’t have to do out-of-band registration anymore!
-- Mike
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756 http://www.twitter.com/xmlgrrl
://nat.sakimura.org/
@_nat_en
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Eve Maler
http://blog.facilelogin.com
http://RampartFAQ.com
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756
OPTIONAL
And for the OAuth client information, it should be an optional parameter
(in case it is a public client or client is authenticated with SSL mutual
authentication).
Please consider.
ShiuFun
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756
--
Thanks Regards,
Prabath
Mobile : +94 71 809 6732
http://blog.facilelogin.com
http://RampartFAQ.com
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Eve Maler http
@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756
Rudely responding to myself: I'm not saying this approach should definitely be
taken, just that it's a good idea to spend 15 minutes looking at the benefits
and downsides of it vs. the current laser-focus approach.
Eve
On 23 Jan 2013, at 9:28 AM, Eve Maler e...@xmlgrrl.com wrote
to imagine how much more benefit
could potentially be gotten for free if we look at it through a
pure-REST lens, not just with what's already been specified but the whole
picture.
+1
-- Todd
From:Eve Maler e...@xmlgrrl.com
To:Sergey Beryozkin sberyoz
to register
via the dynamic registration proposal the token types it supports and then
the AS can use that data as a filtering mechanism when the client asks for a
token.
Thanks,
George
On 1/23/13 12:23 PM, Eve Maler wrote:
FWIW, some of us have made a proposal for exactly this type
On 28 Dec 2012, at 5:58 AM, Anganes, Amanda L aanga...@mitre.org wrote:
Hi Eve and Thomas,
On 12/27/12 8:11 PM, Eve Maler e...@xmlgrrl.com wrote:
Amanda, thanks for the lightning-fast comments back. A couple of additional
notes on top of Thomas's response:
The scope type language
Secretariat
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Eve Maler
that, eventually, the RP/IdP language from the OpenID Connect draft
will need to be genericized.
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756 http://www.twitter.com/xmlgrrl
___
OAuth
to be supported without extra scaffolding.
-- Justin
\
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756 http://www.twitter.com/xmlgrrl
___
OAuth mailing list
OAuth@ietf.org
https
://www.ietf.org/mailman/listinfo/oauth
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756 http://www.twitter.com/xmlgrrl
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman
of tokens (Bearer, MAC, HOK) are going to
have different types of metadata associated with them, probably, but there
are a few core pieces (expiration, scopes) that would be common and useful.
-- Justin
On 11/29/2012 05:59 PM, Eve Maler wrote:
Hi Justin-- Glad to see this moving forward
directly show
delegation to the Teacher and walk the child home.
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756 http://www.twitter.com/xmlgrrl
___
OAuth mailing list
OAuth@ietf.org
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756 http://www.twitter.com/xmlgrrl
: Thursday, October 11, 2012 4:45 AM
To: Eve Maler
Cc: oauth@ietf.org WG
Subject: Re: [OAUTH-WG] Resource owner initiated OAuth delegation
Hi,Eve
Having an RO literally being present to register a client operated
by
some third party still seems like an unnecessary constraint to me
be ideal. Otherwise I suspect it's impractical in normal use.
Eve
On 9 Oct 2012, at 6:49 PM, zhou.suj...@zte.com.cn wrote:
Hi,Prabath
Prabath Siriwardena prab...@wso2.com
2012-10-09 20:35
收件人
zhou.suj...@zte.com.cn
抄送
Eve Maler e...@xmlgrrl.com, oauth@ietf.org, oauth-boun
, 2012 at 3:20 PM, Eve Maler e...@xmlgrrl.com wrote:
There are a number of implicit actions happening here that ideally should be
accounted for. If Alice is the RO and Bob is operating the client, then when
Bob accesses the protected resource it may not just be on Alice's behalf --
think of how
corresponds to Client in OAuth, so it is still
client initiated delegation, not what Prabath wants.
Eve Maler e...@xmlgrrl.com
2012-10-11 06:54
收件人
Prabath Siriwardena prab...@wso2.com
抄送
zhou.suj...@zte.com.cn, oauth@ietf.org WG oauth@ietf.org
主题
Re: [OAUTH-WG] Resource owner
/listinfo/oauth
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756 http://www.twitter.com/xmlgrrl
--
Thanks Regards,
Prabath
Mobile : +94 71 809 6732
http://blog.facilelogin.com
http://RampartFAQ.com
Eve
--
Thanks Regards,
Prabath
Mobile : +94 71 809 6732
http://blog.facilelogin.com
http://RampartFAQ.com
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Eve Maler http
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756 http://www.twitter.com/xmlgrrl
___
OAuth mailing list
OAuth@ietf.org
https
and general AS-PR connection could be this group's fifth starting
document.
-- Justin
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756 http://www.twitter.com/xmlgrrl
___
OAuth mailing list
OAuth
.)
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756 http://www.twitter.com/xmlgrrl
/listinfo/oauth
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756 http://www.twitter.com/xmlgrrl
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
be the identifier for the user Bob)?
-David
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756 http
://www.ietf.org/mailman/listinfo/oauth
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756 http
list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756 http://www.twitter.com/xmlgrrl
___
OAuth mailing list
OAuth@ietf.org
https
any
reason to generalise such a beast into a generic mechanism.
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756
Zero response from the other list. Any suggestions from folks here?
Begin forwarded message:
From: Eve Maler e...@xmlgrrl.com
Date: 20 June 2011 4:54:56 PM PDT
To: oa...@googlegroups.com
Subject: [oauth] Good list of OAuth open source?
Reply-To: oa...@googlegroups.com
The list at http
Anyone knows if there is an open source OAuth2 server reference
implementation that reflects the latest draft 16, and unit-tested
against the security considerations in section 10?
On Sat, Jun 25, 2011 at 1:02 AM, Eve Maler e...@xmlgrrl.com wrote:
Zero response from the other list. Any
Both are used in production.
EHL
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
Of Eve Maler
Sent: Friday, June 24, 2011 2:19 PM
To: oauth WG
Subject: Re: [OAUTH-WG] Fwd: [oauth] Good list of OAuth open source?
Thanks, y'all
know who might be interested to respond.
Thanks in advance,
Eve
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756 http://www.twitter.com/xmlgrrl
___
OAuth mailing list
OAuth@ietf.org
.
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756 http://www.twitter.com/xmlgrrl
___
OAuth mailing list
OAuth
it as an IETF I-D
soonish:
http://kantarainitiative.org/confluence/display/uma/Working+Drafts
Eve
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756 http://www.twitter.com/xmlgrrl
___
OAuth
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756 http://www.twitter.com/xmlgrrl
___
OAuth mailing list
OAuth
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Eve Maler http://www.xmlgrrl.com/blog
+1 425 345 6756 http://www.twitter.com/xmlgrrl
___
OAuth mailing list
OAuth
idsubmiss...@ietf.org
Date: 10 August 2010 12:23:59 PM PDT
To: e...@xmlgrrl.com
Cc: c...@comlounge.net, m.p.machu...@ncl.ac.uk
Subject: New Version Notification for draft-oauth-dyn-reg-v1-00
A new version of I-D, draft-oauth-dyn-reg-v1-00.txt has been successfully
submitted by Eve Maler
,
how does UMA plan to address resource servers during the OAuth end-user
authorization process?
regards,
Torsten.
Am 29.07.2010 02:37, schrieb Eve Maler:
Belatedly... Sorry if I sound like a broken record on this, but: Most of
UMA's use involve letting a user introduce their various
...@cliqset.com
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Eve Maler
http://www.xmlgrrl.com/blog
http://www.twitter.com/xmlgrrl
http://www.linkedin.com/in/evemaler
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Eve Maler
http://www.xmlgrrl.com/blog
http://www.twitter.com
://www.ietf.org/mailman/listinfo/oauth
Eve Maler
http://www.xmlgrrl.com/blog
http://www.twitter.com/xmlgrrl
http://www.linkedin.com/in/evemaler
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Eve Maler
http://www.xmlgrrl.com/blog
http://www.twitter.com/xmlgrrl
http://www.linkedin.com/in/evemaler
___
OAuth mailing list
OAuth@ietf.org
https
https://www.ietf.org/mailman/listinfo/oauth
Eve Maler
http://www.xmlgrrl.com/blog
http://www.twitter.com/xmlgrrl
http://www.linkedin.com/in/evemaler
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Eve Maler
e...@xmlgrrl.com
http
purpose. So never mind. :)
Eve
Eve Maler
e...@xmlgrrl.com
http://www.xmlgrrl.com/blog
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
is acting for itself (the client is
also the resource owner).
to something like:
...and autonomous flows where the client is acting on behalf of a different
resource owner.
Thanks,
Eve
On 21 Apr 2010, at 4:43 PM, Eve Maler wrote:
Tacking this response to the end of the thread for lack
/listinfo/oauth
Eve Maler
e...@xmlgrrl.com
http://www.xmlgrrl.com/blog
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Thanks!
On 21 Apr 2010, at 5:12 PM, Eran Hammer-Lahav wrote:
This is part of the delegation flows so username should be just fine…
EHL
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Eve
Maler
Sent: Wednesday, April 21, 2010 4:43 PM
To: OAuth WG
Subject
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Eve Maler
e...@xmlgrrl.com
http
Token (comparable to OpenID/OAuth hybrid).
Anybody else interested?
paul
Eve Maler
e...@xmlgrrl.com
http://www.xmlgrrl.com/blog
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
for your use cases?
The UMA principles might be able to inform how the OAuth WG makes its case for
why Kerberos doesn't suffice. (If we discover it does, hey, our work here is
done. :-)
Eve
Eve Maler
e...@xmlgrrl.com
http://www.xmlgrrl.com/blog
all have been discussing here. I hope that I haven't missed anyone who
contributed to prior work and am happy to add other authors if I have (and
they wish to be added)!
Thanks,
--David
[1] http://www.ietf.org/mail-archive/web/oauth/current/msg01225.html
Eve Maler
e...@xmlgrrl.com
to the docs; this is fine for
some features but not for very general ones that everybody needs to
use.
Eve Maler
e...@xmlgrrl.com
http://www.xmlgrrl.com/blog
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Selected thoughts in response:
On 21 Mar 2010, at 3:51 PM, David Recordon wrote:
Thanks! Comments inline and updated the repo
(http://github.com/daveman692/OAuth-2.0/commit/3193098ff45168dd0a65456334428b20215f848a).
On Sun, Mar 21, 2010 at 12:03 PM, Eve Maler e...@xmlgrrl.com wrote:
David
will be in Anaheim Sunday evening, but should
we try to put a dinner together? 7pm-ish?
Eve Maler
e...@xmlgrrl.com
http://www.xmlgrrl.com/blog
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
.
This was a valuable thread. Perhaps someone could write up a summary of
the points raised, either on the list or at the wiki?
Peter
Eve Maler
e...@xmlgrrl.com
http://www.xmlgrrl.com/blog
___
OAuth mailing list
OAuth@ietf.org
https
when requesting access tokens, or when using access tokens. On one
side there are people who would prefer bearer tokens, and on the other
side there are folks who want crypto in various bits of the protocol
to meet different use cases.
Cheers,
Brian
Eve Maler
e...@xmlgrrl.com
http
Thanks for your further feedback. Just a couple of comments back (eliding
other portions of the thread):
On 8 Mar 2010, at 2:21 PM, Dick Hardt wrote:
On 2010-03-05, at 6:57 AM, Eve Maler wrote:
2c. Currently, WRAP doesn't say anything about how to fill the scope
parameter value
as possible in
preparation for Anaheim, ideally including specific guidance from those who
have submitted the most sensitive UMA scenarios or have the biggest concerns.
Eve
On 4 Mar 2010, at 11:01 AM, Eve Maler wrote:
Folks may be interested to see the following experiment being performed
/Meetings+and+Minutes
Eve
Eve Maler
e...@xmlgrrl.com
http://www.xmlgrrl.com/blog
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
to have TLS as a MUST
implement so that it's there if people want to use it.)
+1
- johnk
Eve Maler
e...@xmlgrrl.com
http://www.xmlgrrl.com/blog
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
72 matches
Mail list logo