[WG-UMA] OAuth 2.0 and the Road to Hell

Eve Maler eve at xmlgrrl.com
Tue Jul 31 00:58:49 EDT 2012


Hmm, I hope Eran will take a look at the latest version of UMA. Paul and I sought his feedback a couple of years ago, and his feedback was that it was too complex. :-) We've not only excised the complexity, our usage of OAuth is now plain vanilla and requires no extensions. (The UMA token flow is OAuth-inspired but not really an OAuth extension...)

	Eve

On 30 Jul 2012, at 5:28 AM, Alam <alamjan at gmail.com> wrote:

> His (Eran's) latest comments on UMA...
> 
> "Another community that has been very satisfied with OAuth 2.0 is UMA. Some of the UMA project leads are people I like and respect, like Eve Maler. In the past I have invited members of the UMA community to share their project with the OAuth community on the mailing list, at IETF meetings, and on this blog. It has been a long time since I read up on UMA but I was always skeptical about its relevancy to the consumer web world I care about. UMA is also based on OAuth 2.0 and relies on many of its extensibility areas to operate. If you want to get an idea of the complexity (and richness) of this world, this is a good place to start."
> 
> source: http://hueniverse.com/2012/07/on-leaving-oauth/
> 
> Regards,
> Alam
> 
> 
> 
> On Mon, Jul 30, 2012 at 2:20 PM, Salvatore D'Agostino <sal at idmachines.com> wrote:
> Thanks Thomas.
> 
> Let's hope we all evolve ;-)
> 
> -----Original Message-----
> From: Thomas Hardjono [mailto:identity at hardjono.net]
> Sent: Sunday, July 29, 2012 8:56 PM
> To: 'John Bradley'; 'Salvatore D'Agostino'
> Cc: 'UMA WG WG'
> Subject: RE: [WG-UMA] OAuth 2.0 and the Road to Hell
> 
> +1 agree with John here. OAuth 2.0 is here to stay. (It may evolve
> further in the future).
> 
> cheers,
> 
> /thomas/
> 
> -----------------------------
> 
> 
> From: wg-uma-bounces at kantarainitiative.org
> [mailto:wg-uma-bounces at kantarainitiative.org] On Behalf Of John Bradley
> Sent: Saturday, July 28, 2012 2:51 PM
> To: Salvatore D'Agostino
> Cc: 'UMA WG WG'
> Subject: Re: [WG-UMA] OAuth 2.0 and the Road to Hell
> 
> I put up a blog post this morning.
>   http://www.thread-safe.com/2012/07/the-oauth-2-sky-is-not-falling.html
> 
> John B.
> On 2012-07-28, at 11:43 AM, Salvatore D'Agostino wrote:
> 
> 
> John,
>  
> Glad to hear the good with the bad.
>  
> Thanks,
> Sal
>  
> From: John Bradley [mailto:ve7jtb at ve7jtb.com]
> Sent: Saturday, July 28, 2012 1:00 PM
> To: Salvatore D'Agostino
> Cc: 'Eve Maler'; 'Alam'; 'UMA WG WG'
> Subject: Re: [WG-UMA] OAuth 2.0 and the Road to Hell
>  
> Get a grip people.  The sky is not falling.   Life is good.
>  
> The OAuth workgroup has been making excellent progress closing the open
> issues.
>  
> We are now finishing the instructions for the RFC editor.  The spec has been
> completed in the last several months since the chairs removed the editor's
> ability to block progress.
>  
> I don't think it would have been in UMA's interest to support only
> confidential clients with only MAC tokens.   It is true that protocols using
> OAuth 2 need to define their security models and profile the spec as UMA
> has.   This is normal,  nothing has changed except that OAuth is making
> progress again.
>  
> John B.
>  
> On 2012-07-28, at 9:45 AM, Salvatore D'Agostino wrote:
> 
> 
> 
> Hi Eve,
>  
> Been lurking and seen this all come to pass as well.
>  
> Assume that the bad part is that Eran is right and that OAuth 2 is less
> likely the building block we looked to build on?
>  
> Regards,
>  
> Sal
>  
> From: wg-uma-bounces at kantarainitiative.org
> [mailto:wg-uma-bounces at kantarainitiative.org] On Behalf Of Eve Maler
> Sent: Friday, July 27, 2012 8:26 PM
> To: Alam
> Cc: UMA WG WG
> Subject: Re: [WG-UMA] OAuth 2.0 and the Road to Hell
>  
> Sigh. This is an extraordinarily unhelpful blog post. Dick Hardt's comment
> late in the thread captures some of the frustration around Eran's position
> and actions...
>  
>             Eve
>  
> On 27 Jul 2012, at 8:44 AM, Alam <alamjan at gmail.com> wrote:
> 
> 
> 
> 
> Hi All,
> 
> "They say the road to hell is paved with good intentions. Well, that’s OAuth
> 2.0. "  Eran Hammer for more ...
> 
> http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/
> 
> Cheers,
> Alam
> _______________________________________________
> WG-UMA mailing list
> WG-UMA at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/wg-uma
>  
> 
> Eve Maler                                  http://www.xmlgrrl.com/blog
> +1 425 345 6756                         http://www.twitter.com/xmlgrrl
> 
> 
> 
> 
>  


Eve Maler                                  http://www.xmlgrrl.com/blog
+1 425 345 6756                         http://www.twitter.com/xmlgrrl

