Hi,
we don't plan further changes.
regards,
Torsten.
On 16.08.2012 19:35, Stephen Farrell wrote:
Thanks,
Since this is on the Aug 30 telechat let's not have any further changes
without a chair/AD asking.
Ta,
S
On 16 Aug 2012, at 18:19, Torsten Lodderstedt <[email protected]> wrote:
Hi all,
the new revision covers token substitution, which has been added to the core
spec lately. Additionally, it describes a similar attack on the code flow,
which is prevented by forcing the authorization server to validate that an
authorization code had been issued to the calling client.
We also made the references to core and bearer spec normative.
regards,
Torsten.
On 16.08.2012 19:14, [email protected] wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of
the IETF.
Title : OAuth 2.0 Threat Model and Security Considerations
Author(s) : Torsten Lodderstedt
Mark McGloin
Phil Hunt
Filename : draft-ietf-oauth-v2-threatmodel-07.txt
Pages : 70
Date : 2012-08-16
Abstract:
This document gives additional security considerations for OAuth,
beyond those in the OAuth specification, based on a comprehensive
threat model for the OAuth 2.0 Protocol.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-v2-threatmodel
There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-v2-threatmodel-07
A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-v2-threatmodel-07
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
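The code-flow check mentioned in the 16 Aug message above (the authorization server validating that an authorization code was issued to the calling client), sketched as an added example that is not part of the thread or the draft. The class, its method names, the client ids and the TTL are assumptions made for illustration.

```python
import hmac
import secrets
import time

CODE_TTL = 60  # seconds; constructed value for this example


class AuthorizationServer:
    """Hypothetical in-memory authorization server (illustration only)."""

    def __init__(self, clients):
        self._clients = clients  # client_id -> client_secret (constructed)
        self._codes = {}         # code -> grant record

    def issue_code(self, client_id, redirect_uri, now=None):
        """Authorization endpoint: bind the new code to the requesting client."""
        now = time.time() if now is None else now
        code = secrets.token_urlsafe(32)
        self._codes[code] = {
            "client_id": client_id,
            "redirect_uri": redirect_uri,
            "expires": now + CODE_TTL,
        }
        return code

    def redeem_code(self, client_id, client_secret, code, redirect_uri, now=None):
        """Token endpoint: exchange a code for a token, or return an error."""
        now = time.time() if now is None else now
        # 1. Authenticate the calling client before touching the code.
        expected = self._clients.get(client_id)
        if expected is None or not hmac.compare_digest(expected, client_secret):
            return {"error": "invalid_client"}
        # 2. Codes are single use: remove the record on the first attempt,
        #    so a code presented by the wrong client is burned as well.
        grant = self._codes.pop(code, None)
        if grant is None or now > grant["expires"]:
            return {"error": "invalid_grant"}
        # 3. The binding check: the code must have been issued to this client.
        if not hmac.compare_digest(grant["client_id"], client_id):
            return {"error": "invalid_grant"}
        # 4. The redirect URI must match the one used when the code was issued.
        if grant["redirect_uri"] != redirect_uri:
            return {"error": "invalid_grant"}
        return {"access_token": secrets.token_urlsafe(32), "token_type": "bearer"}
```
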