Just updated a typo that was pointed out. BTW, the spec has not progressed for a long time. I wonder what can I do to push it through.
Nat ________________________________ 差出人: [email protected] 送信日時: 日曜日, 10月 21, 2018 11:17 午後 宛先: Nat Sakimura; John Bradley 件名: New Version Notification for draft-ietf-oauth-jwsreq-17.txt A new version of I-D, draft-ietf-oauth-jwsreq-17.txt has been successfully submitted by Nat Sakimura and posted to the IETF repository. Name: draft-ietf-oauth-jwsreq Revision: 17 Title: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR) Document date: 2018-10-21 Group: oauth Pages: 27 URL: https://www.ietf.org/internet-drafts/draft-ietf-oauth-jwsreq-17.txt Status: https://datatracker.ietf.org/doc/draft-ietf-oauth-jwsreq/ Htmlized: https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-17 Htmlized: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-jwsreq Diff: https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-jwsreq-17 Abstract: The authorization request in OAuth 2.0 described in RFC 6749 utilizes query parameter serialization, which means that Authorization Request parameters are encoded in the URI of the request and sent through user agents such as web browsers. While it is easy to implement, it means that (a) the communication through the user agents are not integrity protected and thus the parameters can be tainted, and (b) the source of the communication is not authenticated. Because of these weaknesses, several attacks to the protocol have now been put forward. This document introduces the ability to send request parameters in a JSON Web Token (JWT) instead, which allows the request to be signed with JSON Web Signature (JWS) and encrypted with JSON Web Encryption (JWE) so that the integrity, source authentication and confidentiality property of the Authorization Request is attained. The request can be sent by value or by reference. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
