OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Fwd: Re: [OAUTH-WG] First draft of OAuth 2.0

we're back in with the cool kids! :-)

-------- Original Message --------
Subject: Re: [OAUTH-WG] First draft of OAuth 2.0
Date: Tue, 23 Mar 2010 10:47:59 -0700
From: David Recordon <recordond@gmail.com>
To: Torsten Lodderstedt <torsten@lodderstedt.net>, Chuck Mortimore <cmortimore@salesforce.com>, Mark Mcgloin <mark.mcgloin@ie.ibm.com>
CC: OAuth WG <oauth@ietf.org> 


Hey Chuck,
Thanks for rewriting the SAML flow into the style of my draft!  I
really appreciate it.

I originally dropped the SAML flow because I hadn't seen support for
it on the mailing list(s) the past two months.  I think that our
default should be making the spec as short and simple as possible so
removed a few things from WRAP in order to start conversations like
this one.  It's now clear that Google, Microsoft, Salesforce, and IBM
all need the SAML profile.  Chuck, I'll merge your wording in.  Want
to be listed as an author?

We're also going to need to figure out which flows should be in the
core spec versus which should be developed at the same time but in
individual documents.

Thanks,
--David

On Tue, Mar 23, 2010 at 4:50 AM, Torsten Lodderstedt
<torsten@lodderstedt.net> wrote:
> +1 for assertion support
>
> what about enhancing the flow #2.4 to accept any kind of user credentials
> (username/password, SAML assertions, other authz servers tokens)
>
> regards,
> Torsten.
>
> Am 23.03.2010 um 12:42 schrieb Mark Mcgloin <mark.mcgloin@ie.ibm.com>:
>
>> +1 for assertion profile. Was there any reason why it was dropped?
>>
>> On 3/23/10, Chuck Mortimore wrote:
>>>
>>> Just getting a chance to review this – I apologize for not getting this
>>
>> before the meeting started.
>>
>>> We’d like to see some form of an Assertion Profile, similar to section
>>> 5.2
>>
>> from draft-hardt-oauth-01.   We have strong customer use-cases for an
>> assertion based flow, specifically SAML bearer tokens, and I >believe
>> Microsoft may have already shipped a minor variation on this ( wrap_SAML )
>> in Azure.
>>
>>
>> Mark McGloin
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]