Hi all,

we would like to ask again for feedback on our draft for the "web_message" response mode: https://datatracker.ietf.org/doc/draft-meyerzuselha-oauth-web-message-response-mode/

We think it would be very helpful for implementers and developers to specify a secure standard for a postMessage API-based response mode.

Best regards,
Karsten

On 23.11.2023 10:11, Karsten Meyer zu Selhausen | Hackmanit wrote:

Hi everyone,

at the last OSW the topic of a response mode based on the postMessage API came up. This approach is already used by multiple parties (e.g., Google) but lacks standardization.

There was some sense of agreement that it would be a good idea to create an RFC defining this response mode to counter security flaws in individual implementations and improve interoperability.

Because the efforts in the past were long expired (draft -00 of https://datatracker.ietf.org/doc/draft-sakimura-oauth-wmrm/ expired in 2016) we took the initiative and started to work on a new ID for the "web_message" response mode.

We would like to ask the members of the working group for feedback on our draft: https://datatracker.ietf.org/doc/draft-meyerzuselha-oauth-web-message-response-mode/

I see that "draft-sakimura-oauth-wmrm" has been recently updated. However, there have not been any changes to its contents. What are the plans of the authors for this draft?

Best regards
Karsten

--
Karsten Meyer zu Selhausen
Senior IT Security Consultant
Phone: +49 (0)234 / 54456499
Web: https://hackmanit.de | IT Security Consulting, Penetration Testing, Security Training

Multi-Factor Authentication (MFA) significantly increases the security of your accounts. Learn in our blog posts what the best MFA options are and how FIDO2 goes one step further to solve the world’s password problem:
https://www.hackmanit.de/en/blog-en/162-what-is-mfa
https://www.hackmanit.de/en/blog-en/165-what-is-fido2

Hackmanit GmbH
Universitätsstraße 60 (Exzenterhaus)
44789 Bochum

Registergericht: Amtsgericht Bochum, HRB 14896
Geschäftsführer: Prof. Dr. Jörg Schwenk, Prof. Dr. Juraj Somorovsky, Dr. Christian Mainka, Prof. Dr. Marcus Niemietz

_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth