Re: [OAUTH-WG] Shepherd Writeup for OAuth AMR

Mon, 26 Sep 2016 12:03:59 -0700 

Thanks, Hannes. I’ll plan to make these changes once I’m back in circulation – 
probably early next week.



– Mike





From: Hannes Tschofenig<mailto:[email protected]>
Sent: Monday, September 26, 2016 7:02 AM
To: [email protected]<mailto:[email protected]>
Subject: [OAUTH-WG] Shepherd Writeup for OAuth AMR



Hi all,

Here is the writeup for OAuth AMR:
https://github.com/hannestschofenig/tschofenig-ids/blob/master/shepherd-writeups/Writeup_OAuth_AMR.txt

There are some questions regarding the normative references. Currently,
the list of normative references contains documents that would be
clarified as downrefs (since they are informational RFCs).

I wonder whether we could make the following references informative:

    [RFC4226]  M'Raihi, D., Bellare, M., Hoornaert, F., Naccache, D., and
               O. Ranen, "HOTP: An HMAC-Based One-Time Password
               Algorithm", RFC 4226, DOI 10.17487/RFC4226, December 2005,
               <http://www.rfc-editor.org/info/rfc4226>.


    [RFC6238]  M'Raihi, D., Machani, S., Pei, M., and J. Rydell, "TOTP:
               Time-Based One-Time Password Algorithm", RFC 6238,
               DOI 10.17487/RFC6238, May 2011,
               <http://www.rfc-editor.org/info/rfc6238>.

    [RFC4211]  Schaad, J., "Internet X.509 Public Key Infrastructure
               Certificate Request Message Format (CRMF)", RFC 4211,
               DOI 10.17487/RFC4211, September 2005,
               <http://www.rfc-editor.org/info/rfc4211>.

    [JECM]     Williamson, G., "Enhanced Authentication In Online
               Banking", Journal of Economic Crime Management 4.2: 18-19,
               2006,
               <http://utica.edu/academic/institutes/ecii/publications/
               articles/51D6D996-90F2-F468-AC09C4E8071575AE.pdf>.

    [MSDN]     Microsoft, "Integrated Windows Authentication with
               Negotiate", September 2011,
               <http://blogs.msdn.com/b/benjaminperkins/
               archive/2011/09/14/iis-integrated-windows-authentication-
               with-negotiate.aspx>.

    [NIST.800-63-2]
               National Institute of Standards and Technology (NIST),
               "Electronic Authentication Guideline", NIST Special
               Publication 800-63-2, August 2013,
               <http://nvlpubs.nist.gov/nistpubs/SpecialPublications/
               NIST.SP.800-63-2.pdf>.

Comments on the shepherd writeup are welcome.

Ciao
Hannes

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to