Re: [OAUTH-WG] Call for adoption for "Resource Indicators for OAuth 2.0"

I also support the adoption. I had been pushing for this work in OAuth for a long time and now we also need it for the work in ACE as well. From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Rifaat Shekh-Yusef Sent: 19 July 2018 16:02 To: oauth Subject: [OAUTH-WG] Call for adoption for

Re: [OAUTH-WG] Call for adoption for "Resource Indicators for OAuth 2.0"

I support adoption of this document. On Thu, Jul 19, 2018 at 4:01 PM, Rifaat Shekh-Yusef wrote: > Hi all, > > This is the call for adoption of the 'Resource Indicators for OAuth 2.0' > document > following the positive call for adoption at the Montreal IETF meeting. > > Here is the document: >

Re: [OAUTH-WG] Call for adoption for "Resource Indicators for OAuth 2.0"

Yes there was. +1 to adopt this document. On Thu, Jul 19, 2018 at 2:11 PM, Dick Hardt wrote: > William: there was discussion in the meeting about the PoP document using > "resource" rather than "aud" > > On Thu, Jul 19, 2018 at 4:53 PM, Mike Jones c...@dmarc.ietf.org> wrote: > >> Microsoft’s

Re: [OAUTH-WG] Call for adoption for "Distributed OAuth"

I'm supportive. :) On Thu, Jul 19, 2018 at 4:05 PM, Rifaat Shekh-Yusef wrote: > Hi all, > > This is the call for adoption of the 'Distributed OAuth' document > following the positive call for adoption at the Montreal IETF meeting. > > Here is the document: >

Re: [OAUTH-WG] Call for adoption for "Resource Indicators for OAuth 2.0"

William: there was discussion in the meeting about the PoP document using "resource" rather than "aud" On Thu, Jul 19, 2018 at 4:53 PM, Mike Jones < Michael.Jones=40microsoft@dmarc.ietf.org> wrote: > Microsoft’s Azure AD OAuth server has used the resource= parameter since > at least 2012 to

Re: [OAUTH-WG] Call for adoption for "Resource Indicators for OAuth 2.0"

I support adoption of this document. On Thu, Jul 19, 2018 at 4:54 PM, John Bradley wrote: > > > I accept the adoption of this document. > > > > Sent from Mail for > Windows 10 > > > > *From: *Rifaat Shekh-Yusef > *Sent: *Thursday, July 19, 2018

Re: [OAUTH-WG] Call for adoption for "Resource Indicators for OAuth 2.0"

I accept the adoption of this document. Sent from Mail for Windows 10 From: Rifaat Shekh-Yusef Sent: Thursday, July 19, 2018 4:02 PM To: oauth Subject: [OAUTH-WG] Call for adoption for "Resource Indicators for OAuth 2.0" Hi all, This is the call for adoption of the 'Resource Indicators for

Re: [OAUTH-WG] Call for adoption for "Resource Indicators for OAuth 2.0"

Microsoft’s Azure AD OAuth server has used the resource= parameter since at least 2012 to indicate what resource the requested access token is to be for. -- Mike From: William Denniss Sent: Thursday, July 19, 2018 4:40 PM To: Hannes

Re: [OAUTH-WG] Call for adoption for "Resource Indicators for OAuth 2.0"

Hi William, that was the idea. Ciao Hannes From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of William Denniss Sent: 19 July 2018 16:32 To: Mike Jones Cc: oauth Subject: Re: [OAUTH-WG] Call for adoption for "Resource Indicators for OAuth 2.0" Question: if this is adopted along with

Re: [OAUTH-WG] Call for adoption for "Resource Indicators for OAuth 2.0"

Yes On Thu, Jul 19, 2018 at 4:32 PM William Denniss wrote: > Question: if this is adopted along with > https://datatracker.ietf.org/doc/draft-hardt-oauth-distributed/, is the > plan for this spec to be the authoritative definition, and Distributed > OAuth to take a reference instead of

Re: [OAUTH-WG] Call for adoption for "Resource Indicators for OAuth 2.0"

I support adoption. The “resource” request parameter that it defines is already widely used. -- Mike From: OAuth On Behalf Of Rifaat Shekh-Yusef Sent: Thursday, July 19, 2018 4:02 PM To: oauth Subject: [OAUTH-WG] Call for adoption for

[OAUTH-WG] Call for adoption for "Distributed OAuth"

Hi all, This is the call for adoption of the 'Distributed OAuth' document following the positive call for adoption at the Montreal IETF meeting. Here is the document: https://datatracker.ietf.org/doc/draft-hardt-oauth-distributed/ Please let us know by August 2nd whether you accept / object to

[OAUTH-WG] Call for adoption for "Resource Indicators for OAuth 2.0"

Hi all, This is the call for adoption of the 'Resource Indicators for OAuth 2.0' document following the positive call for adoption at the Montreal IETF meeting. Here is the document: https://tools.ietf.org/html/draft-campbell-oauth-resource-indicators-02 Please let us know by August 2nd

[OAUTH-WG] Call for adoption of "JWT Response for OAuth Token Introspection"

Hi all, This is the call for adoption of the 'JWT Response for OAuth Token Introspection' document following the presentation by Torsten at the Montreal IETF meeting where we didn't have a chance to do a call for adoption in the meeting itself. Here is presentation by Torsten:

Re: [OAUTH-WG] ACE - OAuth Synchronization

Hi Hannes, Can you remind me which parameters are being problematic in this regard? I mostly only remember the ace discussions of keyid, recently, so I probably lost track of some relevant bits. Thanks, Ben On Thu, Jul 19, 2018 at 02:34:26PM +, Hannes Tschofenig wrote: > Hi Ben, Hi Ekr, >

Re: [OAUTH-WG] Request for adoption of draft-campbell-oauth-resource-indicators as a working group document

To those who haven't been at the f2f meeting: We did a consensus call during the meeting and the result was a strong positive confirmation from the participants with no objections. Rifaat will have to run through a call on the mailing list to get the confirmation. Ciao Hannes From: Mike Jones

[OAUTH-WG] ACE - OAuth Synchronization

Hi Ben, Hi Ekr, We tried to find an agreement of which group defines parameters needed for ACE to support the PoP token functionality. Unfortunately, we didn't manage to find an agreement in which group the work should be done. The ACE working group wants to start a working group last call on

[OAUTH-WG] Request for adoption of draft-campbell-oauth-resource-indicators as a working group document

https://tools.ietf.org/html/draft-campbell-oauth-resource-indicators-02 defines the already-commonly-used "resource" request parameter. At today's working group meeting, several people spoke up saying that they need a parameter with those semantics. I therefore request that the chairs do a

Re: [OAUTH-WG] updated Distributed OAuth ID

On Thu, Jul 19, 2018 at 8:51 AM, Torsten Lodderstedt < tors...@lodderstedt.net> wrote: > Hi Dick, > > > >> >> Section 3: >> Don’t you think it could be a useful information to have the resource URI >> available in the authorization flow?I would assume it could have some >> additional meaning to

Re: [OAUTH-WG] updated Distributed OAuth ID

David, thanks for the detailed feedback ... responses inline ... On Thu, Jul 19, 2018 at 3:54 AM, David Waite wrote: > Four comments. > > First: What is the rationale for including the parameters as Link headers > rather than part of the WWW-Authenticate challenge, e.g.: > > WWW-Authenticate:

Re: [OAUTH-WG] updated Distributed OAuth ID

Hi Dick, > >> >> Section 3: >> Don’t you think it could be a useful information to have the resource URI >> available in the authorization flow?I would assume it could have some >> additional meaning to the AS and could also be the context of the scope. > > I'm assuming you are referring

Re: [OAUTH-WG] updated Distributed OAuth ID

Four comments. First: What is the rationale for including the parameters as Link headers rather than part of the WWW-Authenticate challenge, e.g.: WWW-Authenticate: Bearer realm="example_realm", scope="example_scope",