Discussion:
[OAUTH-WG] Decentralized OAuth2.0 -- FW: New Version Notification for draft-hardjono-oauth-decentralized-00.txt
Thomas Hardjono
2017-02-01 23:48:26 UTC
Folks,

This may be of interest. It's forward-looking, I know. Appreciate any comments on the draft.

Best.

/thomas/

________________________________________
From: internet-***@ietf.org [internet-***@ietf.org]
Sent: Wednesday, February 01, 2017 6:39 PM
To: Thomas Hardjono
Subject: New Version Notification for draft-hardjono-oauth-decentralized-00.txt

A new version of I-D, draft-hardjono-oauth-decentralized-00.txt
has been successfully submitted by Thomas Hardjono and posted to the
IETF repository.

Name: draft-hardjono-oauth-decentralized
Revision: 00
Title: Decentralized Service Architecture for OAuth2.0
Document date: 2017-02-01
Group: Individual Submission
Pages: 21
URL: https://www.ietf.org/internet-drafts/draft-hardjono-oauth-decentralized-00.txt
Status: https://datatracker.ietf.org/doc/draft-hardjono-oauth-decentralized/
Htmlized: https://tools.ietf.org/html/draft-hardjono-oauth-decentralized-00


Abstract:
This document proposes an alternative service architecture for user-
centric control of the sharing of resources, such as personal data,
using the decentralized peer-to-peer computing paradigm. The term
'control' is used here to denote the full capacity of the user to
freely select (i) the entities with whom to share resources (e.g.
data), and (ii) the entities which provide services implementing
user-controlled resource sharing. The peer-to-peer service
architecture uses a set of computing nodes called OAuth2.0 Nodes (ON)
that are part of a peer-to-peer network as the basis for the
decentralized service architecture. Each OAuth2.0 Node is assumed
to have the capability to provide AS-services, RS-services and
Client-services.





Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
Aaron Parecki
2017-02-02 00:26:54 UTC
The introduction sounds great, especially acknowledging the problems due to
"the predominance of the web single sign-on model as the basis for the user
interaction"... but is there a summary of what this actually describes? I
see a lot of boilerplate text, and defining some new terms, but I don't
actually know what I would implement after reading this.

----
Aaron Parecki
aaronparecki.com
@aaronpk <http://twitter.com/aaronpk>


Thomas Hardjono
2017-02-02 13:32:10 UTC
What's needed would be (a) contract servers that can talk to one another, (b) addition of pub-keys to some well-known endpoints, and (c) some actual contracts with actual legal prose :-)

The contract server could be treated as a protected endpoint (e.g. at the AS), but since contract agreement is a 2-way handshake we may need to add some new message flows.

/thomas/

