Hi all,

thank you for your valuable feedback on the last draft version. Daniel and I tried to address all comments in the new version.

Changes in -02:

 * Incorporated WG feedback
 * Clarifications for unique issuer identifier
 * Clarifications when multiple issuer identifiers could be present
 * Added note that iss parameter MUST NOT be used with JARM
 * Added note on error responses and example for error response
 * Editorial changes


We would like to ask you for further feedback and comments on the new draft version.

Best regards,
Karsten


-------- Forwarded Message --------
Subject: New Version Notification for draft-meyerzuselhausen-oauth-iss-auth-resp-02.txt
Date:   Tue, 17 Nov 2020 03:42:02 -0800
From:   internet-dra...@ietf.org
To: Karsten zu Selhausen <karsten.meyerzuselhau...@hackmanit.de>, Daniel Fett <m...@danielfett.de>, Karsten Meyer zu Selhausen <karsten.meyerzuselhau...@hackmanit.de>




A new version of I-D, draft-meyerzuselhausen-oauth-iss-auth-resp-02.txt
has been successfully submitted by Karsten Meyer zu Selhausen and posted to the
IETF repository.

Name: draft-meyerzuselhausen-oauth-iss-auth-resp
Revision: 02
Title: OAuth 2.0 Authorization Server Issuer Identifier in Authorization Response
Document date: 2020-11-17
Group: Individual Submission
Pages: 10
URL: https://www.ietf.org/archive/id/draft-meyerzuselhausen-oauth-iss-auth-resp-02.txt
Status: https://datatracker.ietf.org/doc/draft-meyerzuselhausen-oauth-iss-auth-resp/
Html: https://www.ietf.org/archive/id/draft-meyerzuselhausen-oauth-iss-auth-resp-02.html
Htmlized: https://tools.ietf.org/html/draft-meyerzuselhausen-oauth-iss-auth-resp-02
Diff: https://www.ietf.org/rfcdiff?url2=draft-meyerzuselhausen-oauth-iss-auth-resp-02

Abstract:
This document specifies a new parameter "iss" that is used to
explicitly include the issuer identifier of the authorization server
in the authorization response of an OAuth authorization flow. If
implemented correctly, the "iss" parameter serves as an effective
countermeasure to "mix-up attacks".



Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat


--
Karsten Meyer zu Selhausen
IT Security Consultant
Phone:  +49 (0)234 / 54456499
Web:    https://hackmanit.de | IT Security Consulting, Penetration Testing, 
Security Training

Join our next live online training on the security of OAuth 
and OpenID Connect on 27.01 + 28.01.2021:
https://www.hackmanit.de/de/schulungen/127-live-online-schulung-single-sign-on-sicherheit-oauth-openid-connect-am-27-01-28-01-2021

Hackmanit GmbH
Universitätsstraße 60 (Exzenterhaus)
44789 Bochum

Register court: Amtsgericht Bochum, HRB 14896
Managing Directors: Prof. Dr. Jörg Schwenk, Prof. Dr. Juraj Somorovsky, Dr. 
Christian Mainka, Dr. Marcus Niemietz

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
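
The client-side check that the "iss" parameter from the abstract enables, as an added example that is not part of the original message or of the draft: the client remembers which authorization server each request went to and compares the returned "iss" against it by exact string match. The `pending` layout, the `iss_required` flag, the handling of a missing "iss" and all hostnames are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlsplit


class IssuerCheckError(Exception):
    """The authorization response failed the issuer check."""


def check_authorization_response(redirect_url, pending):
    """Validate `iss` in an authorization response (success or error).

    `pending` maps each outstanding `state` value to the authorization
    server the client sent the user to. Hypothetical layout:
        {"issuer": "<issuer identifier>", "iss_required": bool}
    Returns the response parameters if the check passes.
    """
    query = parse_qs(urlsplit(redirect_url).query, keep_blank_values=True)
    # A parameter that appears more than once is ambiguous: reject.
    if any(len(values) != 1 for values in query.values()):
        raise IssuerCheckError("duplicated parameter")
    params = {name: values[0] for name, values in query.items()}

    expected = pending.get(params.get("state"))
    if expected is None:
        raise IssuerCheckError("no pending request for this state")

    iss = params.get("iss")
    if iss is None:
        # Assumed client policy: only tolerate a missing iss for servers
        # the client has not marked as always sending it.
        if expected["iss_required"]:
            raise IssuerCheckError("iss missing")
    elif iss != expected["issuer"]:
        # Exact string comparison, no URL normalisation.
        raise IssuerCheckError("iss does not match the expected issuer")
    return params


# Constructed sample data (not from the draft).
PENDING = {"s1": {"issuer": "https://honest.as.example", "iss_required": True}}
GOOD = "https://client.example/cb?code=abc&state=s1&iss=https%3A%2F%2Fhonest.as.example"
MIXED = "https://client.example/cb?code=abc&state=s1&iss=https%3A%2F%2Fother.as.example"

if __name__ == "__main__":
    print(check_authorization_response(GOOD, PENDING))
    try:
        check_authorization_response(MIXED, PENDING)
    except IssuerCheckError as exc:
        print("rejected:", exc)
```

The same check runs on error responses, so a response carrying "error" instead of "code" is only trusted if its "iss" matches as well.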
