Congratulations, Bill! -----Original Message----- From: OAuth [mailto:[email protected]] On Behalf Of Phil Hunt Sent: Tuesday, September 01, 2015 8:14 AM To: Hannes Tschofenig Cc: [email protected] Subject: Re: [OAUTH-WG] Fwd: RFC 7628 on A Set of Simple Authentication and Security Layer (SASL) Mechanisms for OAuth
+1 ! Phil > On Aug 31, 2015, at 23:24, Hannes Tschofenig <[email protected]> > wrote: > > FYI: Thanks to Bill for the hard work! > > -------- Forwarded Message -------- > Subject: RFC 7628 on A Set of Simple Authentication and Security Layer > (SASL) Mechanisms for OAuth > Date: Mon, 31 Aug 2015 21:56:17 -0700 (PDT) > From: [email protected] > Reply-To: [email protected] > To: [email protected], [email protected] > CC: [email protected], [email protected], > [email protected] > > A new Request for Comments is now available in online RFC libraries. > > > RFC 7628 > > Title: A Set of Simple Authentication > and Security Layer (SASL) Mechanisms > for OAuth > Author: W. Mills, T. Showalter, H. Tschofenig > Status: Standards Track > Stream: IETF > Date: August 2015 > Mailbox: [email protected], > [email protected], > [email protected] > Pages: 21 > Characters: 46408 > Updates/Obsoletes/SeeAlso: None > > I-D Tag: draft-ietf-kitten-sasl-oauth-23.txt > > URL: > https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.rfc-editor.org%2finfo%2frfc7628&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=J1hIDrCTw8Xi1hMvg3ZaZ1xvdEFhol3BqHt2q6u6VWg%3d > > DOI: > https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fdx.doi.org%2f10.17487%2fRFC7628&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=%2fQVXZSXwbGDS7YVQ446RDFuPUxHNoLLwedzfrx0xKUE%3d > > OAuth enables a third-party application to obtain limited access to a > protected resource, either on behalf of a resource owner by > orchestrating an approval interaction or by allowing the third-party > application to obtain access on its own behalf. > > This document defines how an application client uses credentials > obtained via OAuth over the Simple Authentication and Security Layer > (SASL) to access a protected resource at a resource server. Thereby, > it enables schemes defined within the OAuth framework for > non-HTTP-based application protocols. > > Clients typically store the user's long-term credential. This does, > however, lead to significant security vulnerabilities, for example, > when such a credential leaks. A significant benefit of OAuth for > usage in those clients is that the password is replaced by a shared > secret with higher entropy, i.e., the token. Tokens typically provide > limited access rights and can be managed and revoked separately from > the user's long-term password. > > This document is a product of the Common Authentication Technology > Next Generation Working Group of the IETF. > > This is now a Proposed Standard. > > STANDARDS TRACK: This document specifies an Internet Standards Track > protocol for the Internet community, and requests discussion and > suggestions for improvements. Please refer to the current edition of > the Official Internet Protocol Standards > (https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww. > rfc-editor.org%2fstandards&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=7JPZiamj4nhqHgthEPDIzgpqkvR%2fAA6bj4Ck5vijFPU%3d) > for the standardization state and status of this protocol. Distribution of > this memo is unlimited. > > This announcement is sent to the IETF-Announce and rfc-dist lists. > To subscribe or unsubscribe, see > > https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.i > etf.org%2fmailman%2flistinfo%2fietf-announce&data=01%7c01%7cMichael.Jo > nes%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f14 > 1af91ab2d7cd011db47%7c1&sdata=aGciLH4fsxKJ6MUO%2fPp6BMj3JFJ37oTjdaSJ5t > WbEkg%3d > https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fmailm > an.rfc-editor.org%2fmailman%2flistinfo%2frfc-dist&data=01%7c01%7cMicha > el.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf > 86f141af91ab2d7cd011db47%7c1&sdata=agec9juMh0Zzn1mrY6avpBrLPlFfCs8zsyx > 8bSLgDdc%3d > > For searching the RFC series, see > https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.r > fc-editor.org%2fsearch&data=01%7c01%7cMichael.Jones%40microsoft.com%7c > 9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c > 1&sdata=veVw3wrA9Wz6CWTUfVTLCKAdduFgUDkiaabcuqFyRxc%3d > For downloading RFCs, see > https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.r > fc-editor.org%2frfc.html&data=01%7c01%7cMichael.Jones%40microsoft.com% > 7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47% > 7c1&sdata=93atgoSh8enZBPOxNfMophuutPvidnrfoMxOc0XmjS8%3d > > Requests for special distribution should be addressed to either the > author of the RFC in question, or to [email protected]. > Unless specifically noted otherwise on the RFC itself, all RFCs are > for unlimited distribution. > > > The RFC Editor Team > Association Management Solutions, LLC > > > > > > _______________________________________________ > OAuth mailing list > [email protected] > https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.i > etf.org%2fmailman%2flistinfo%2foauth&data=01%7c01%7cMichael.Jones%40mi > crosoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2 > d7cd011db47%7c1&sdata=ILpgvSqnqwWhHs7BAm7xXpjoUdVRhJhB2G3m%2fTn%2b6gU% > 3d _______________________________________________ OAuth mailing list [email protected] https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2foauth&data=01%7c01%7cMichael.Jones%40microsoft.com%7c9f19ef0544aa4990d83f08d2b2dff4a3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=ILpgvSqnqwWhHs7BAm7xXpjoUdVRhJhB2G3m%2fTn%2b6gU%3d _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
