[WG-UMA] OAuth 2.0 and the Road to Hell

Salvatore D'Agostino sal at idmachines.com
Mon Jul 30 08:20:00 EDT 2012


Thanks Thomas.

Let's hope we all evolve ;-)

-----Original Message-----
From: Thomas Hardjono [mailto:identity at hardjono.net] 
Sent: Sunday, July 29, 2012 8:56 PM
To: 'John Bradley'; 'Salvatore D'Agostino'
Cc: 'UMA WG WG'
Subject: RE: [WG-UMA] OAuth 2.0 and the Road to Hell

+1 agree with John here. Oauth2.0 is here to stay. (It may evolve
further in the future).

cheers,

/thomas/

-----------------------------


From: wg-uma-bounces at kantarainitiative.org
[mailto:wg-uma-bounces at kantarainitiative.org] On Behalf Of John Bradley
Sent: Saturday, July 28, 2012 2:51 PM
To: Salvatore D'Agostino
Cc: 'UMA WG WG'
Subject: Re: [WG-UMA] OAuth 2.0 and the Road to Hell

I put up a blog post this morning.
  http://www.thread-safe.com/2012/07/the-oauth-2-sky-is-not-falling.ht
ml

John B.
On 2012-07-28, at 11:43 AM, Salvatore D'Agostino wrote:


John,
 
Glad to hear the good with the bad.
 
Thanks,
Sal
 
From: John Bradley [mailto:ve7jtb at ve7jtb.com]
Sent: Saturday, July 28, 2012 1:00 PM
To: Salvatore D'Agostino
Cc: 'Eve Maler'; 'Alam'; 'UMA WG WG'
Subject: Re: [WG-UMA] OAuth 2.0 and the Road to Hell
 
Get a grip people.  The sky is not falling.   Life is good.
 
The OAuth workgroup has been making excellent progress closing the open
issues.
 
We are now finishing the instructions for the RFC editor.  The spec has been
completed in the last several months since the chairs removed the editor's
ability to block progress.
 
I don't hink it would have been in UMA's interest to support only
confidential clients with only MAC tokens.   It is true that protocols using
OAuth 2 need to define there security models and profile the spec as UMA
has.   This is normal,  nothing has changed except that OAuth is making
progress again.
 
John B.
 
On 2012-07-28, at 9:45 AM, Salvatore D'Agostino wrote:



Hi Eve,
 
Been lurking and seen this all come to pass as well.
 
Assume that the bad part is that Eran is right and that OAuth 2 is less
likely the building block we looked to build on?
 
Regards,
 
Sal
 
From: wg-uma-bounces at kantarainitiative.org [mailto:wg-uma-bounces at kant
arainitiative.org] On Behalf Of Eve Maler
Sent: Friday, July 27, 2012 8:26 PM
To: Alam
Cc: UMA WG WG
Subject: Re: [WG-UMA] OAuth 2.0 and the Road to Hell
 
Sigh. This is an extraordinarily unhelpful blog post. Dick Hardt's comment
late in the thread captures some of the frustration around Eran's position
and actions...
 
            Eve
 
On 27 Jul 2012, at 8:44 AM, Alam <alamjan at gmail.com> wrote:




Hi All,

"They say the road to hell is paved with good intentions. Well, that’s OAuth
2.0. "  Eran Hammer for more ...

http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/

Cheers,
Alam
_______________________________________________
WG-UMA mailing list
WG-UMA at kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma
 

Eve Maler                                  http://www.xmlgrrl.com/blog
+1 425 345 6756                         http://www.twitter.com/xmlgrrl




 
_______________________________________________
WG-UMA mailing list
WG-UMA at kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6085 bytes
Desc: not available
Url : http://kantarainitiative.org/pipermail/wg-uma/attachments/20120730/eb3cdd57/attachment.bin 


More information about the WG-UMA mailing list