OpenID Connect is the intellectual property of the OpenID Foundation and it is discussed there.
— Justin

> On Feb 6, 2017, at 7:30 AM, Denis <[email protected]> wrote:
>
> The scope of this draft is unclear. The title states: "OAuth Security Topics".
> I have some questions:
> Does this document intend to cover only the OAuth 2.0 delegation protocol
> (since Justin said that OAuth 2.0 is a delegation protocol)
> or OpenId Connect as well which is not limited to a delegation protocol ?
> Should we discuss OpenID Connect issues and/or solutions in an IETF RFC ?
> If this document is going to be progressed, the threats should be clearly
> separated whether they relate to a delegation model or to
> a client-server access control model. This is not currently the case.
> If this document is going to be progressed, the ABC attack (in the context of
> an access control model) should be mentioned even if there exists
> no way to counter it given the current implicit assumptions made in OAuth
> 2.0, in particular the use of software only implementations.
>
> Denis
>
>> A belated +1
>>
>>
>> On Sat, Feb 4, 2017, 9:08 AM Jim Manico <[email protected]> wrote:
>> I'm just some random idiot and am not in this working group but the work from
>> https://tools.ietf.org/html/draft-lodderstedt-oauth-security-topics-00 is
>> one of the most up to date and useful OAuth security resources ever
>> published. I am thrilled to see more work put into it.
>>
>> Aloha, Jim
>>
>>
>> On 2/3/17 1:57 PM, William Denniss wrote:
>>> I support the adoption of this document as a working group item.
>>>
>>> On Thu, Feb 2, 2017 at 2:30 PM, Jim Willeke <[email protected]> wrote:
>>> +!
>>> I agree this is needed.
>>>
>>> --
>>> -jim
>>> Jim Willeke
>>>
>>> On Thu, Feb 2, 2017 at 4:33 PM, John Bradley <[email protected]> wrote:
>>> I am in favour of adoption.
>>>
>>> > On Feb 2, 2017, at 4:09 AM, Hannes Tschofenig <[email protected]> wrote:
>>> >
>>> > Hi all,
>>> >
>>> > this is the call for adoption of the 'OAuth Security Topics' document
>>> > following the positive call for adoption at the last IETF
>>> > meeting in Seoul.
>>> >
>>> > Here is the document:
>>> > https://tools.ietf.org/html/draft-lodderstedt-oauth-security-topics-00
>>> >
>>> > The intention with this document is to have a place to collect
>>> > discussions and conclusions around OAuth 2.0 security and to reference
>>> > the actual solution specifications.
>>> >
>>> > Please let us know by Feb 16th whether you accept / object to the
>>> > adoption of this document as a starting point for work in the OAuth
>>> > working group.
>>> >
>>> > Ciao
>>> > Hannes & Derek
>>> >
>>> > _______________________________________________
>>> > OAuth mailing list
>>> > [email protected]
>>> > https://www.ietf.org/mailman/listinfo/oauth
>>
>> --
>> Jim Manico
>> Manicode Security
>> https://www.manicode.com
>>
>> --
>> Nat Sakimura
>>
>> Chairman of the Board, OpenID Foundation
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
