This submission includes the new section 6 introductory paragraph agreed upon earlier this afternoon (pacific time). It also removes the first paragraph in sec 5 that was introduced in error in draft 06.
This should cover all the feedback received so far. Cheers, Phil @independentid www.independentid.com [email protected] > On Dec 1, 2015, at 3:15 PM, [email protected] wrote: > > > A New Internet-Draft is available from the on-line Internet-Drafts > directories. > This draft is a work item of the Web Authorization Protocol Working Group of > the IETF. > > Title : OAuth 2.0 Proof-of-Possession (PoP) Security > Architecture > Authors : Phil Hunt > Justin Richer > William Mills > Prateek Mishra > Hannes Tschofenig > Filename : draft-ietf-oauth-pop-architecture-07.txt > Pages : 23 > Date : 2015-12-01 > > Abstract: > The OAuth 2.0 bearer token specification, as defined in RFC 6750, > allows any party in possession of a bearer token (a "bearer") to get > access to the associated resources (without demonstrating possession > of a cryptographic key). To prevent misuse, bearer tokens must be > protected from disclosure in transit and at rest. > > Some scenarios demand additional security protection whereby a client > needs to demonstrate possession of cryptographic keying material when > accessing a protected resource. This document motivates the > development of the OAuth 2.0 proof-of-possession security mechanism. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-oauth-pop-architecture/ > > There's also a htmlized version available at: > https://tools.ietf.org/html/draft-ietf-oauth-pop-architecture-07 > > A diff from the previous version is available at: > https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-pop-architecture-07 > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
