I agree with Phil. As currently described it replicates a lot of the work we have done in PoP.
Ciao
Hannes

On 12/06/2014 09:52 AM, John Bradley wrote:
> No, this is the work formerly known as origin bound certificates &
> Channel ID. We need this to bind id_tokens and/or access tokens to TLS
> sessions.
>
> So it is an alternative TLS binding mechanism. We still need to describe
> how to use it with OAuth and JWT.
>
> It is a building block we can use for PoP.
>
> John B.
>> On Dec 5, 2014, at 10:48 PM, Phil Hunt <[email protected]> wrote:
>>
>> Doesn't that duplicate our current work?
>>
>> Phil
>>
>>> On Dec 5, 2014, at 11:17, Hannes Tschofenig <[email protected]>
>>> wrote:
>>>
>>> -------- Forwarded Message --------
>>> Subject: [websec] unbearable - new mailing list to discuss better than
>>> bearer tokens...
>>> Date: Fri, 05 Dec 2014 16:43:19 +0000
>>> From: Stephen Farrell <[email protected]>
>>> Reply-To: Stephen Farrell <[email protected]>
>>> To: [email protected] <[email protected]>, websec <[email protected]>,
>>> [email protected] <[email protected]>, [email protected] Group
>>> <[email protected]>, [email protected] <[email protected]>
>>>
>>> Hiya,
>>>
>>> Following up on the presentation at IETF-91 on this topic, [1]
>>> we've created a new list [2] for moving that along. The list
>>> description is:
>>>
>>> "This list is for discussion of proposals for doing better than bearer
>>> tokens (e.g. HTTP cookies, OAuth tokens etc.) for web applications.
>>> The specific goal is chartering a WG focused on preventing security
>>> token export and replay attacks."
>>>
>>> If you're interested please join in.
>>>
>>> Thanks to Vinod and Andrei for agreeing to admin the list.
>>>
>>> We'll kick off discussion in a few days when folks have had
>>> a chance to subscribe.
>>>
>>> Cheers,
>>> S.
>>>
>>> PS: Please don't reply-all to this, join the new list, wait
>>> a few days and then say what you need to say:-)
>>>
>>> [1] https://tools.ietf.org/agenda/91/slides/slides-91-uta-2.pdf
>>> [2] https://www.ietf.org/mailman/listinfo/unbearable
>>>
>>> _______________________________________________
>>> websec mailing list
>>> [email protected]
>>> https://www.ietf.org/mailman/listinfo/websec
>>>
>>> _______________________________________________
>>> OAuth mailing list
>>> [email protected]
>>> https://www.ietf.org/mailman/listinfo/oauth
>>
>> _______________________________________________
>> OAuth mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/oauth
>
