Thanks for your note, Julian. Responses follow inline...
-- Mike
-Original Message-
From: Julian Reschke [mailto:julian.resc...@gmx.de]
Sent: Saturday, September 24, 2011 5:07 AM
To: Mike Jones
Cc: oauth@ietf.org
Subject
Sounds good to me. Are others good with this wording?
-- Mike
-Original Message-
From: barryleiba.mailing.li...@gmail.com
[mailto:barryleiba.mailing.li...@gmail.com] On Behalf Of Barry Leiba
Sent: Saturday, September 24, 2011 6:33 AM
To: Mike Jones
Cc
, James H [mailto:james.h.man...@team.telstra.com]
Sent: Saturday, September 24, 2011 7:41 AM
To: Mike Jones; oauth@ietf.org
Subject: RE: Proposed resolution for issue 26
From: Mike Jones
Issue #26 http://trac.tools.ietf.org/wg/oauth/trac/ticket/26 asks whether the
semantics of scope strings should
Issue #26 http://trac.tools.ietf.org/wg/oauth/trac/ticket/26 asks whether the
semantics of scope strings should be changed to require that the % character be
interpreted as introducing a percent-encoded character that follows. My
proposed resolution is that %-encoding not be required in the
James Manger and others pointed out that the current credentials syntax does
not comply with RFC 2617, nor does it match the updated credentials syntax
contained in HTTPbis, part 7:
Authenticationhttp://tools.ietf.org/html/draft-ietf-httpbis-p7-auth-16. The
current syntax in the bearer token
-Original Message-
From: internet-dra...@ietf.org [mailto:internet-dra...@ietf.org]
Sent: Friday, September 23, 2011 5:07 PM
To: Mike Jones
Cc: Mike Jones; d...@fb.com; dick.ha...@gmail.com
Subject: New Version Notification for draft-ietf-oauth-v2-bearer-09.txt
A new version of I-D
Draft 09http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-09.html of
the OAuth 2.0 Bearer Token
Specificationhttp://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html has
been published, which incorporates Working Group Last Call feedback. It
contains the following changes:
·
Thanks for your comment, Peter. Done.
Is there any estimated timeline for publication of the HTTPbis specs as RFCs?
-- Mike
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of
Thanks for your comments, James. Responses to them, which reflect the content
of draft 09, follow inline.
-- Mike
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of
Manger, James
Thanks for your comments, Julian. Responses to them, which reflect the content
of draft 09, follow inline.
-- Mike
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of
Julian
Thanks for your comments, Yaron. Responses to them, which reflect the content
of draft 09, follow inline.
-- Mike
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Mike
Jones
Sent: Wednesday, August 10
I'm back from several weeks away from the office and presently reviewing the
WGLC comments on the bearer token specification, so as to propose resolutions
to the issues raised.
-- Mike
From: oauth-boun...@ietf.org
1. Introduction: Adding the word directly after rather than using the
resource owner's credentials.
1.3. Overview: Comment on first sentence: OAuth also supports having a
client directly provide its own credentials to get an access token. It would
seem useful to refer to this as well less
Author List: Change MSFT to Microsoft (twice).
Author List: Change Yaron Goland to Yaron Y. Goland.
2. Overview: Change privliged to privileged.
2. Overview: Change messsage to message.
3. Authentication vs. Authorization: Add a period after vs so the title
becomes Authentication vs.
This version adds a missing comma in an error response example. Thanks to
Stephen Farrell for his donation of the comma.
This version should be the subject of the working group last call.
-- Mike
-Original Message-
From: oauth-boun...@ietf.org
Updated references to oauth-v2 and httpbis.
-- Mike
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of
internet-dra...@ietf.org
Sent: Wednesday, July 27, 2011 6:45 AM
To: i-d-annou...@ietf.org
Cc: oauth@ietf.org
.
-- Mike
-Original Message-
From: MARCON, JEROME (JEROME) [mailto:jerome.mar...@alcatel-lucent.com]
Sent: Wednesday, July 27, 2011 7:53 AM
To: Mike Jones; oauth@ietf.org
Subject: RE: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-bearer-08.txt
Mike,
Regarding the allowed characters for scope
.
Cheers,
-- Mike
-Original Message-
From: barryleiba.mailing.li...@gmail.com
[mailto:barryleiba.mailing.li...@gmail.com] On Behalf Of Barry Leiba
Sent: Wednesday, July 27, 2011 10:44 AM
To: Mike Jones
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG
[mailto:i...@mckellar.org]
Sent: Sunday, July 10, 2011 1:16 PM
To: Mike Jones
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] OAuth 2.0 Bearer Token Specification draft -06
Hi,
I'm reading through draft 6 of the bearer token spec and had a question about
one of the examples. In section 2.4 there's
A few editorial points about references:
- the draft is referencing an old draft of the bearer token spec (-04),
rather than the current version (-06),
- the draft is referencing an old draft of the SAML bearer spec (-03),
rather than the current version (-04),
- the draft is not
In sections 4.1.3, 4.3.2, 4.4.2, and 6 of draft -20, the examples contain both
the line Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW and credentials in
the post body. For instance, the example from 4.3.2 is:
POST /token HTTP/1.1
Host: server.example.com
Authorization: Basic
Thanks for making this change, Eran. I propose that we use Aiden's text,
because I agree that it removes the ambiguity that he identified.
-- Mike
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Aiden
Bell
Good
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Eran
Hammer-Lahav
Sent: Tuesday, July 19, 2011 9:24 AM
To: OAuth WG
Subject: Re: [OAUTH-WG] Proposed change to section 8.4. Defining New
Authorization Endpoint Response Types
Revised text.
I agree that this functionality is needed. However, I believe its current
embodiment is overly restrictive. I would suggest changing this text:
Only one response type of each combination may be registered and used for
making requests. Composite response types are treated and compared in the
As a data point motivating this functionality, the OpenID Connect Core spec
currently includes:
response_type
A space delimited, case sensitive list of string
values (Pending OAuth 2.0 changes). Acceptable values include
code, token, and none. The value MUST include code
If you're going with urn:ietf:wg:oauth:2.0:grant_type:saml:2.0:bearer in the
SAML assertion profile, I'll use
urn:ietf:wg:oauth:2.0:grant_type:jwt:1.0:bearer in the JWT assertion profile.
-- Mike
-Original Message-
From: oauth-boun...@ietf.org
+1 on submitting this as a WG doc by the deadline on July 4th.
As background, http://www.ietf.org/meeting/cutoff-dates-2011.html:
. 2011-07-04 (Monday): Internet Draft Cut-off for initial document (-00)
submission by 17:00 PT (00:00 UTC), upload using IETF ID Submission Tool.
.
I've published draft
06http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-06.html of the
OAuth Bearer Token
Specificationhttp://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html.
It contains the following changes:
* Changed parameter name bearer_token to access_token, per
Thanks Chuck. Adding context, this document moves the common parts of the SAML
Profilehttp://trac.tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-04 and
the JWT
Profilehttp://trac.tools.ietf.org/html/draft-jones-oauth-jwt-bearer-00 to a
common assertions spec. The token-type specific parts
The minutes from the special meeting included:
TODO: Eran to add extensibility language for this based on requirements.
-RedirectURI should be optional
TODO: Eran to send mail to the list proposing language changes to either change
this from REQUIRED to OPTIONAL and add clarifying
You got it right. :-)
-Original Message-
From: Marius Scurtescu [mailto:mscurte...@google.com]
Sent: Thursday, May 26, 2011 9:16 AM
To: George Fletcher
Cc: Mike Jones; John Kemp; OAuth WG
Subject: Re: [OAUTH-WG] bearer token authorization header
Maybe I created some confusion. Earlier
irrelevant to it?
paul
On 5/24/11 4:04 PM, Mike Jones wrote:
George, you are correct that resources and clients must agree upon the format
of the bearer token to achieve interoperability. The means for achieving
this agreement is out of the scope of this document
, May 25, 2011 10:11 AM
To: Mike Jones
Cc: Marius Scurtescu; George Fletcher; OAuth WG
Subject: Re: [OAUTH-WG] bearer token authorization header
On May 24, 2011, at 4:04 PM, Mike Jones wrote:
George, you are correct that resources and clients must agree upon the format
of the bearer token
The working group explicitly decided that a different name should be used, to
make it clear that other token types other than bearer tokens could also be
used with OAuth 2.
-- Mike
From: oauth-boun...@ietf.org
: Monday, May 09, 2011 10:32 AM
To: OAuth WG; Mike Jones
Cc: Mark Lentczner; Manger, James H
Subject: bearer token authorization header
I am working through version 04 of the Bearer Token draft:
http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-04
Not sure how to interpret the authorization
It would be great if you could do a similarly detailed read of the bearer token
spec as well!
-- Mike
Sent from my Windows Phone
-Original Message-
From: Brian Eaton
Sent: Sunday, May 22, 2011 8:39 PM
To: oauth@ietf.org
Subject: [OAUTH-WG] draft 16 review notes
I just read over the
In preparation for the OAuth working group meeting on Monday, I've published
draft 05http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-05.html of
the OAuth Bearer Token
Specificationhttp://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html,
incorporating input received from the OAuth
registry in the
framework spec. I suspect developers would thank us for doing that.
What do you say?
-- Mike
From: Eran Hammer-Lahav [mailto:e...@hueniverse.com]
Sent: Wednesday, April 06, 2011 2:58 PM
To: Mike Jones; OAuth WG
, 2011 3:58 PM
To: Mike Jones; OAuth WG
Subject: RE: Error registry proposal (round 3)
Putting aside my view that a registry for resource server error responses
across HTTP authentication schemes isn't very useful or interesting, I don't
have an objection to the bearer token specification defining
Also, change which in turns directs to which in turn directs.
-- Mike
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of
Manger, James H
Sent: Tuesday, April 05, 2011 5:51 PM
To: oauth@ietf.org
Subject:
One of the results at the OAuth meeting on Friday was that non-normative text
describing how to use OAuth with native applications will be restored to the
framework draft. We could start with the text from past drafts, but it can
likely be improved upon as well.
Marius, as someone who has
,
-- Mike
-Original Message-
From: Brian Campbell [mailto:bcampb...@pingidentity.com]
Sent: Friday, April 01, 2011 8:37 AM
To: Mike Jones
Cc: Hannes Tschofenig; OAuth WG
Subject: Re: [OAUTH-WG] Agenda Update
Sadly, I am not in Prague. Given the similarities
I’ve published draft
04http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-04.html of the
OAuth Bearer Token
Specificationhttp://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html.
All changes were in response to working group last call feedback on draft 03.
The changes in this draft
: Mike Jones; oauth-boun...@ietf.org; OAuth WG
Subject: Re: [OAUTH-WG] OAuth Bearer Token draft
+1
Phil
phil.h...@oracle.commailto:phil.h...@oracle.com
On 2011-03-21, at 8:50 AM, George Fletcher wrote:
+1
On 3/11/11 2:56 AM, tors...@lodderstedt.netmailto:tors...@lodderstedt.net
wrote:
Why
I have removed the extension of the OAuth Parameters registry in
draft-ietf-oauth-v2-bearer-04, per your feedback Peter.
-- Mike
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Peter
Saint-Andre
Sent:
Responses to suggestions not adopted on draft 04 are inline below. Thanks for
your input.
-- Mike
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of
Torsten Lodderstedt
Sent: Wednesday, March 23, 2011 1:52 PM
Responses to suggestions not adopted are inline below. Thanks for your input.
-- Mike
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Eran
Hammer-Lahav
Sent: Wednesday, March 02, 2011 8:34 AM
To: Hannes
Responses to suggestions not adopted are inline below. Thanks for your input.
-- Mike
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of
Manger, James H
Sent: Wednesday, March 02, 2011 7:35 PM
To: OAuth
This text has been revised accordingly in draft 04. Thanks for the feedback.
-- Mike
-Original Message-
From: Ron Monzillo [mailto:ron.monzi...@oracle.com]
Sent: Friday, March 11, 2011 6:35 AM
To: OAuth WG; Mike Jones
Subject: editorial comment
Responses to suggestions not adopted on draft 04 are inline below. Thanks for
your input.
-- Mike
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Peter
Saint-Andre
Sent: Wednesday, March 23, 2011 11:11 AM
To:
I object to this proposal on two grounds:
First, changing some of the error return codes to HTTP numbers is an
unnecessary and unsolicited breaking change at a time that we should be
stabilizing the spec.
Second, the OAuth Errors registry is simpler and follows IETF standard
practices. I
To this, I'd like to add discussion of draft-jones-oauth-jwt-bearer -- the JWT
equivalent of draft-ietf-oauth-saml2-bearer. In specific, I'd like us to
consider taking this up as a working group item.
Thanks and see you in the morning!
-- Mike
-Original
Draft -04 of the JSON Web Token
(JWT)http://self-issued.info/docs/draft-jones-json-web-token.html
specification is available. It corrects a typo found by John Bradley in -03.
The draft is available at these locations:
*
: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Mike
Jones
Sent: Friday, March 25, 2011 10:26 PM
To: oauth@ietf.org; w...@ietf.org; openid-specs...@lists.openid.net
Cc: openid-sp...@lists.openid.net
Subject: [OAUTH-WG] JSON Web Token (JWT) and JSON Web Signature (JWS) now
This is now published as an IETF draft. The IETF .txt version link is:
http://www.ietf.org/id/draft-jones-oauth-jwt-bearer-00.txt
-- Mike
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Mike
Correct - good catch. I'll update the draft. The intent was for there to be
no pad character in that case.
--
Mike
From: John Bradley [mailto:ve7...@ve7jtb.com]
Sent: Monday, March 28, 2011 3:00 PM
To: Mike Jones
Cc
...@pingidentity.com]
Sent: Friday, March 25, 2011 8:00 AM
To: Eran Hammer-Lahav
Cc: Mike Jones; oauth@ietf.org
Subject: Re: [OAUTH-WG] Feedback on draft-ietf-oauth-v2-13
4.1.1: Scope string matching rules are ambiguous
In the scope definition, add The space-delimited strings are
case
As promised, I have split the contents of the JWT spec
draft-jones-json-web-token-01http://self-issued.info/docs/draft-jones-json-web-token-01.html
into two simpler specs:
draft-jones-json-web-token-02http://self-issued.info/docs/draft-jones-json-web-token-02.html
People voted as follows in the poll I conducted on the OAuth Errors Registry:
For A:
Mike Jones
Igor Faynberg
Justin Richter
Anthony Nadalin
For D or C:
Eran Hammer-Lahav
William Mills
Given
I've just published an OAuth JWT Bearer Token
Profilehttp://self-issued.info/docs/draft-jones-oauth-jwt-bearer.html. It
defines a means of using a JSON Web Token (JWT) bearer token to request an
OAuth 2.0 access token. This profile is intentionally strongly based upon the
SAML 2.0 Bearer
My last call feedback on draft 13 follows.
NORMATIVE FEEDBACK
2.1.1: If no valid redirection URI is available, the authorization server
SHOULD - I don't understand why this is a SHOULD and not a MUST
3: Restore Client Assertion Credentials
Restore the Client Assertion Credentials feature
This specification is ready to publish.
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of
Hannes Tschofenig
Sent: Wednesday, March 02, 2011 12:32 AM
To: OAuth WG
Subject: [OAUTH-WG] WGLC on draft-ietf-oauth-v2-bearer-03.txt
This is a Last Call
: Monday, March 14, 2011 6:04 PM
To: Mike Jones
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Vote: Location of OAuth Errors Registry,
deadline Friday, March 18
Has anyone extended error codes? Is there a list of error codes
currently being used in the wild that need standardizing?
--David
for the same thing.
-- Mike
-Original Message-
From: David Recordon [mailto:record...@gmail.com]
Sent: Monday, March 14, 2011 4:15 PM
To: Mike Jones
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Vote: Location of OAuth Errors Registry, deadline
Friday, March 18
I still
As you know, the OAuth 2.0 Bearer Token draft -03 established the OAuth Errors
Registryhttp://self-issued.info/docs/draft-ietf-oauth-v2-bearer-03.html#errors-registry
to increase interoperability among implementations using the related OAuth
specifications. As you also know, there has been
.
-- Mike
From: Phil Hunt [mailto:phil.h...@oracle.com]
Sent: Friday, March 11, 2011 3:35 PM
To: Mike Jones
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Vote: Location of OAuth Errors Registry, deadline
Friday, March 18
Should option C read: No OAuth
right to put registry in bearer spec” is the
argument for (A) rather than (B).
-- Mike
From: Phillip Hunt [mailto:phil.h...@oracle.com]
Sent: Friday, March 11, 2011 4:32 PM
To: Mike Jones
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG
Several people have asked for this parameter name to be changed to
oauth2_token. If a change is made, it would seem to me that that would be the
logical name to use.
Is anyone strongly opposed to making this change?
-- Mike
From:
As editor, having received no comments on the normative content of
draft-ietf-oauth-v2-bearer-03, and having made no breaking changes since draft
-01, other than one change voted upon by the working group, I believe that
draft-ietf-oauth-v2-bearer-03 is ready for working group last call.
I'll
I did not ignore your feedback. I replied to it, pointing out why I believe
your position is incorrect.
From: Eran Hammer-Lahav [mailto:e...@hueniverse.com]
Sent: Monday, February 28, 2011 1:14 PM
To: Mike Jones; Hannes Tschofenig; Blaine Cook
Cc: oauth@ietf.org
Subject: RE: [OAUTH-WG] OAuth
I've published draft
03http://self-issued.info/docs/draft-ietf-oauth-v2-bearer-03.html of the
OAuth Bearer Token
Specificationhttp://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html.
It contains one breaking change relative to draft
I wanted to explicitly call out that draft -03 of the Bearer Token
Specification establishes the OAuth Errors registry to increase
interoperability among the related OAuth specifications. Eran, when you
produce draft -14 of the framework specification, please register the errors in
the
.
-- Mike
From: Eran Hammer-Lahav [mailto:e...@hueniverse.com]
Sent: Friday, February 25, 2011 2:33 PM
To: Mike Jones; oauth@ietf.org
Subject: RE: OAuth Errors Registry and OAuth Parameters Registry
I don't see a point in an error registry (and I find it odd for the Bearer
token
I also support the proposed refinement of the specification.
-- Mike
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Breno
Sent: Thursday, February 17, 2011 1:58 PM
To: Eran Hammer-Lahav
Cc: oauth@ietf.org
I'm likewise OK with #1. As I'd written previously, I wasn't religious about
the name OAuth2; I was for it for to be consistent with past drafts and so as
not to introduce a breaking change. Given that there appears to be consensus
to make a change, I'll plan on publishing a draft later this
Given that people are clearly voting to change the bearer token scheme name,
but that there is also significant discussion asking for OAuth2 to be part of
the name, I'd like to settle the matter by vote on the list. Please vote for
one of the following names:
1. OAuth2Bearer
2. Bearer
It will be either OAuth2Bearer or Bearer, depending upon the outcome of the
vote just sent to the list.
-- Mike
-Original Message-
From: Eran Hammer-Lahav [mailto:e...@hueniverse.com]
Sent: Tuesday, February 08, 2011 2:48 PM
To: Mike Jones; Marius
.
--
James Manger
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Mike
Jones
Sent: Wednesday, 9 February 2011 10:05 AM
To: oauth@ietf.org
Subject: [OAUTH-WG] Bearer token scheme name - new vote deadline Sat, 2/12
Given that people are clearly voting to change the bearer
Here's one objection, per my note sent on January 18th:
'OAuth2' HTTP Authentication Scheme: Simply put, dropping this seems like a
huge step away from interoperability. As one data point, Microsoft implements
this in our WIF OAuth2 protected resource code. All up, clients need a way to
This seems like an overly complex characterization - especially because you're
including hypothetical choices such as schemes and sub-schemes that don't
provide substantial benefits over the straightforward schemes we have now and
would complicate implementations and people's understanding of
implementations.
I already did vote below -- for option 4.
From: Eran Hammer-Lahav [mailto:e...@hueniverse.com]
Sent: Thursday, February 03, 2011 9:14 AM
To: Mike Jones; OAuth WG
Subject: RE: Bearer token type and scheme name (deadline: 2/10)
All these suggestions were posted to the list
.
Cheers,
-- Mike
From: William Mills [mailto:wmi...@yahoo-inc.com]
Sent: Friday, January 28, 2011 2:54 PM
To: Mike Jones; oauth@ietf.org
Subject: RE: OAuth 2.0 Bearer Token
Your request below is ambiguous. Please provide the precise new text you're
requesting and the rationale for it.
From: Eran Hammer-Lahav [mailto:e...@hueniverse.com]
Sent: Thursday, January 27, 2011 1:42 PM
To: Mike Jones
Cc: OAuth WG
Subject: Update required for bearer token spec
Please
Once approved, the existing names will be registered, hence no changes are
needed to the bearer token draft to comply with these requirements.
From: Eran Hammer-Lahav [mailto:e...@hueniverse.com]
Sent: Thursday, January 27, 2011 2:36 PM
To: Mike Jones
Cc: OAuth WG
Subject: RE: Update required
-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf
Of Marius Scurtescu
Sent: Tuesday, January 25, 2011 6:26 PM
To: Mike Jones
Cc: OAuth WG
Subject: Re: [OAUTH-WG] Bear token scheme name
On Wed, Jan 19, 2011 at 10:10 AM, Mike Jones
michael.jo...@microsoft.com
Very cool!
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of
axel.nenn...@telekom.de
Sent: Thursday, January 20, 2011 9:39 AM
To: oauth@ietf.org
Subject: [OAUTH-WG] JSON Web Token Java implementation
My java code for implementing the new JSON
?
Thanks again,
-- Mike
From: Brian Campbell [mailto:bcampb...@pingidentity.com]
Sent: Monday, January 17, 2011 6:10 AM
To: Mike Jones
Cc: oauth
Subject: Re: [OAUTH-WG] Couple questions on draft-ietf-oauth-v2-bearer-01
security
...@hueniverse.com]
Sent: Tuesday, January 18, 2011 11:06 PM
To: Mike Jones
Cc: OAuth WG
Subject: Bear token scheme name
Please change the draft to use a different scheme name than 'OAuth2' for the
bearer token authentication scheme. Given the unstable state of the header
(still is), it is perfectly
.
-- Mike
From: Eran Hammer-Lahav [mailto:e...@hueniverse.com]
Sent: Tuesday, January 18, 2011 10:13 AM
To: Mike Jones
Cc: oauth@ietf.org
Subject: RE: Reasons not to remove Client Assertion Credentials and OAuth2 HTTP
Authentication Scheme
I agree that at this stage
Of Mike
Jones
Sent: Friday, January 14, 2011 5:40 PM
To: oauth@ietf.org
Subject: [OAUTH-WG] Preparation for draft-ietf-oauth-v2-bearer-02
I'd like to publish draft -02 of the bearer token specification next week. As
a heads-up, I have made no normative changes to date. Most changes
capture and replay, ...
-- Mike
-Original Message-
From: Torsten Lodderstedt [mailto:tors...@lodderstedt.net]
Sent: Monday, January 10, 2011 12:04 PM
To: Mike Jones; OAuth WG
Cc: Hannes Tschofenig
Subject: Comments on OAuth 2.0 Bearer Token specification
Thanks for your input, Brian. I accepted these suggestions for draft -02. The
referenced text now reads:
Furthermore, the
authorization server MUST ensure that it only hands out tokens to
clients it has authenticated first and authorized. For this
Thanks James,
I wanted to provide feedback on your comments.
You wrote token_type should be an HTTP authentication scheme name. I
disagree with this. The token_type is intended be used to identify the type of
the token, meaning that it is likely to take on values like:
SWT
+1 for option 2 - flow based organization
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Eran
Hammer-Lahav
Sent: Tuesday, January 11, 2011 11:19 PM
To: OAuth WG
Subject: [OAUTH-WG] Specification organization (Endpoints vs. Flows) - Vote by
1/17
(Vote at the end,
Our implementers of draft 10 have raised the following issues with draft 11.
Please address them before publishing a draft 12. I'll send editorial
feedback in a separate message.
6.2 etc.: Specification MUST permit parameter extensibility
There will be uses of OAuth2 where additional
Not that I'm aware of at present, but I expect that to change shortly.
-- Mike
-Original Message-
From: Hannes Tschofenig [mailto:hannes.tschofe...@gmx.net]
Sent: Monday, January 10, 2011 1:04 AM
To: Mike Jones
Cc: Hannes Tschofenig; oauth@ietf.org
Please put me in touch with the others who are working on JSON signing and
encryption so we can coordinate our efforts.
Thanks!
-- Mike
-Original Message-
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On
I believe the draft should continue to say that the error code space MAY be
extended.
-- Mike
From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Eran
Hammer-Lahav
Sent: Monday, January 10, 2011 11:54 AM
To:
You can read about the Artifact Binding at
https://bitbucket.org/openid/ab/wiki/Home. The latest draft is at
https://bitbucket.org/openid/ab/raw/c1eaac175dc8/openid-artifact-binding-1_0.html.
Nat Sakimura is actively updating the specification as we speak,
incorporating some of the ideas
Draft -01 of the JSON Web Token (JWT)
specificationhttp://self-issued.info/docs/draft-jones-json-web-token.html is
now available. This version incorporates the consensus decisions reached at
the Internet Identity Workshop. The remaining open issues and to-do items are
documented in Section
901 - 1000 of 1018 matches
Mail list logo
