[Wg-uma] [OAUTH-WG] Request for feedback: OAuth IETF Drafts (Due 10/2)

J. Trent Adams jtrentadams at gmail.com
Mon Sep 21 13:58:27 PDT 2009

All -

I'm assuming that most folks on this list are already plugged into
this.  But I thought a note here might jog people to think about the
suggested changes in terms of UMA.


Eran Hammer-Lahav wrote:
> http://tools.ietf.org/html/draft-ietf-oauth-authentication
> http://tools.ietf.org/html/draft-ietf-oauth-web-delegation
>
> I plan to publish new revisions of the above drafts to include:
>
> * Error codes and optional debug information
> * Cleanup of the authentication extensibility model
> * Change the version / protocol extensibility model
>
> In addition to general feedback about the drafts, I am looking for specific feedback on the following items which I plan to address in the next drafts:
>
> * Drop core support for the RSA-SHA1 method
> * Replace HMAC-SHA1 with HMAC-SHA256
> * Define the authentication parameters as method-specific (for example, drop nonce and timestamp from PLAINTEXT)
> * The proposed Problem Reporting extension [1], its richness and complexity
> * Making the HMAC signature method required for all server implementations
> * Changing the delegation flow to require HTTP POST instead of recommending it
> * Mandating server support for all three parameter transmission methods
> * Adding a token revocation endpoint
> * Adding the ability for servers to declare their configuration (methods, etc.) in the WWW-Authenticate header response
> * The value of the client credentials (Consumer Key) and feedback from actual implementation experience
>
> In order for your feedback to be included or considered for the next revisions it must be received by 10/2 on the oauth at ietf.org list.
>
> [1] http://wiki.oauth.net/ProblemReporting

J. Trent Adams

Profile: http://www.mediaslate.org/jtrentadams/
LinkedIN: http://www.linkedin.com/in/jtrentadams
Twitter: http://twitter.com/jtrentadams
