WG,
On behalf of my multinational cohort of esteemed co-authors, I published
PAR -03 this morning (MDT) wanting to get a new draft out with some lead
time before the Aug 10 interim
<https://datatracker.ietf.org/meeting/interim-2020-oauth-11/session/oauth>
where PAR will be the topic du jour. The changes are summarized below,
which mostly consist of clarifications and various fixups to the text. The
"bits on the wire" protocol seems to be stable at this point, so we got
that going for us, which is nice.
-03
* Editorial updates
* Mention that https is required for the PAR endpoint
* Add some discussion of browser form posting an authz request vs.
  the benefits of PAR for any application
* Added text about motivations behind PAR - integrity,
  confidentiality and early client auth
* Better explain one-time use recommendation of the request_uri
* Drop the section on special error responses for request objects
* Clarify authorization request examples to say that the client
  directs the user-agent to make the HTTP GET request (vs. making
  the request itself)
---------- Forwarded message ---------
From: <[email protected]>
Date: Fri, Jul 31, 2020 at 7:12 AM
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-par-03.txt
To: <[email protected]>
Cc: <[email protected]>
A New Internet-Draft is available from the on-line Internet-Drafts
directories.
This draft is a work item of the Web Authorization Protocol WG of the IETF.
Title    : OAuth 2.0 Pushed Authorization Requests
Authors  : Torsten Lodderstedt
           Brian Campbell
           Nat Sakimura
           Dave Tonge
           Filip Skokan
Filename : draft-ietf-oauth-par-03.txt
Pages    : 19
Date     : 2020-07-31
Abstract:
This document defines the pushed authorization request endpoint,
which allows clients to push the payload of an OAuth 2.0
authorization request to the authorization server via a direct
request and provides them with a request URI that is used as
reference to the data in a subsequent authorization request.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-par/
There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-oauth-par-03
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-par-03
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-par-03
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
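The flow the abstract describes, sketched from the authorization server's side as an added example (not part of the original message or of the draft's text): the client pushes its parameters, gets back a request_uri, and the authorization endpoint later redeems that reference once, for the same client, before it expires. The names PushedRequestStore, push and redeem, the 60-second lifetime and the sample client values are assumptions; the request_uri prefix is the one used in the examples of the published specification (RFC 9126).

```python
import secrets
import time

URN_PREFIX = "urn:ietf:params:oauth:request_uri:"


class PushedRequestStore:
    """In-memory stand-in for the authorization server's PAR state (hypothetical)."""

    def __init__(self, lifetime=60, clock=time.monotonic):
        self.lifetime = lifetime  # seconds a request_uri stays valid (assumed value)
        self.clock = clock
        self._pending = {}  # request_uri -> (client_id, params, expires_at)

    def push(self, authenticated_client_id, params):
        """PAR endpoint: the caller has already authenticated the client over https."""
        request_uri = URN_PREFIX + secrets.token_urlsafe(32)
        expires_at = self.clock() + self.lifetime
        self._pending[request_uri] = (authenticated_client_id, dict(params), expires_at)
        return {"request_uri": request_uri, "expires_in": self.lifetime}

    def redeem(self, client_id, request_uri):
        """Authorization endpoint: resolve the reference the user-agent carried in."""
        # pop() enforces one-time use: a replayed request_uri is simply unknown,
        # and a failed attempt also consumes the entry.
        entry = self._pending.pop(request_uri, None)
        if entry is None:
            raise LookupError("unknown or already used request_uri")
        owner, params, expires_at = entry
        if self.clock() >= expires_at:
            raise LookupError("expired request_uri")
        if owner != client_id:
            raise PermissionError("request_uri was issued to a different client")
        return params


if __name__ == "__main__":
    store = PushedRequestStore()
    # Constructed sample request; client_id and redirect_uri are made up.
    pushed = store.push("client-123", {"response_type": "code", "redirect_uri": "https://client.example/cb"})
    print(pushed)
    print(store.redeem("client-123", pushed["request_uri"]))
```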