; The IESG; oauth@ietf.org
Subject: Re: [OAUTH-WG] Last Call: draft-ietf-oauth-v2-bearer-15.txt (The
OAuth 2.0 Authorization Protocol: Bearer Tokens) to Proposed Standard
Thanks that is better.
Without knowing the lifetime of the token these are per guess probabilities.
Effectively 128bits
[mailto:ve7...@ve7jtb.com]
Sent: Monday, February 06, 2012 5:07 PM
To: Eran Hammer
Cc: Julian Reschke; i...@ietf.org; The IESG; oauth@ietf.org
Subject: Re: [OAUTH-WG] Last Call: draft-ietf-oauth-v2-bearer-15.txt (The
OAuth 2.0 Authorization Protocol: Bearer Tokens) to Proposed Standard
RE new
-Original Message-
From: John Bradley [mailto:ve7...@ve7jtb.com]
Sent: Monday, February 06, 2012 5:07 PM
To: Eran Hammer
Cc: Julian Reschke; i...@ietf.org; The IESG; oauth@ietf.org
Subject: Re: [OAUTH-WG] Last Call: draft-ietf-oauth-v2-bearer-15.txt (The
OAuth 2.0 Authorization Protocol: Bearer
RE new text in Draft 23
http://tools.ietf.org/html/draft-ietf-oauth-v2-23#section-10.10
Generated tokens and other credentials not intended for handling by
end-users MUST be constructed from a cryptographically strong random
or pseudo-random number sequence ([RFC1750]) generated by the
Cc: The IESG; oauth@ietf.org
Subject: Re: [OAUTH-WG] Last Call: draft-ietf-oauth-v2-bearer-15.txt (The
OAuth 2.0 Authorization Protocol: Bearer Tokens) to Proposed Standard
I fully agree with Julian's perspective. I believe there is sufficient feedback
requiring further review of this issue
My agreement was, and is, to the *production* rules and not the
*parsing* rules. So long as the former is a proper subset of the latter,
everything is fine. What's happening here is that the spec is being read
-- by experts -- as if it were superceding the latter, and that's not a
good thing.
hat type='TechAdvisor'/
(see http://tools.ietf.org/wg/oauth/charters )
On 1/25/12 1:37 AM, Mike Jones wrote:
Eran, do I then correctly understand that you've changed your mind on
the position you took in
http://www.ietf.org/mail-archive/web/oauth/current/msg07698.html,
which was: All I agree
On 2012-01-23 16:58, Julian Reschke wrote:
On 2012-01-23 16:46, The IESG wrote:
The IESG has received a request from the Web Authorization Protocol WG
(oauth) to consider the following document:
- 'The OAuth 2.0 Authorization Protocol: Bearer Tokens'
draft-ietf-oauth-v2-bearer-15.txt as a
: The IESG; oauth@ietf.org
Subject: Re: [OAUTH-WG] Last Call: draft-ietf-oauth-v2-bearer-15.txt (The
OAuth 2.0 Authorization Protocol: Bearer Tokens) to Proposed Standard
On 2012-01-23 16:58, Julian Reschke wrote:
On 2012-01-23 16:46, The IESG wrote:
The IESG has received a request from the Web
On 2012-01-25 01:03, Mike Jones wrote:
Per the discussion at
http://www.ietf.org/mail-archive/web/oauth/current/msg08040.html, the working
group's rationale for supporting quoted-string but not token syntax for these
parameters, and for requiring that backslash ('\') quoting not be used when
The IESG has received a request from the Web Authorization Protocol WG
(oauth) to consider the following document:
- 'The OAuth 2.0 Authorization Protocol: Bearer Tokens'
draft-ietf-oauth-v2-bearer-15.txt as a Proposed Standard
The IESG plans to make a decision in the next few weeks, and
On 2012-01-23 16:46, The IESG wrote:
The IESG has received a request from the Web Authorization Protocol WG
(oauth) to consider the following document:
- 'The OAuth 2.0 Authorization Protocol: Bearer Tokens'
draft-ietf-oauth-v2-bearer-15.txt as a Proposed Standard
...
Please see my
-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of
Julian Reschke
Sent: Monday, January 23, 2012 7:58 AM
To: i...@ietf.org
Cc: The IESG; oauth@ietf.org; IETF-Announce
Subject: Re: [OAUTH-WG] Last Call: draft-ietf-oauth-v2-bearer-15.txt (The
OAuth 2.0 Authorization Protocol: Bearer
On 2012-01-23 18:24, Mike Jones wrote:
As editor of the Oauth Bearer spec, I believe that these comments have been
well understood and considered by the working group. I do understand that the
working group's consensus position is different than Julian's. See these notes
documenting that
; oauth@ietf.org; IETF-Announce
Subject: Re: [OAUTH-WG] Last Call: draft-ietf-oauth-v2-bearer-15.txt (The
OAuth 2.0 Authorization Protocol: Bearer Tokens) to Proposed Standard
As editor of the Oauth Bearer spec, I believe that these comments have been
well understood and considered by the working
15 matches
Mail list logo
