A new revision of DPoP has been published. The doc history snippet is
copied below. The main change here is the addition of an access token hash
claim.

   -03

   *  Add an access token hash ("ath") claim to the DPoP proof when used
      in conjunction with the presentation of an access token for
      protected resource access

   *  Add Untrusted Code in the Client Context section to security
      considerations

   *  Editorial updates and fixes

---------- Forwarded message ---------
From: <[email protected]>
Date: Wed, Apr 7, 2021 at 2:16 PM
Subject: New Version Notification for draft-ietf-oauth-dpop-03.txt


A new version of I-D, draft-ietf-oauth-dpop-03.txt
has been successfully submitted by Brian Campbell and posted to the
IETF repository.

Name:           draft-ietf-oauth-dpop
Revision:       03
Title:          OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP)
Document date:  2021-04-07
Group:          oauth
Pages:          32
URL:            https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-03.txt
Status:         https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/
Html:           https://www.ietf.org/archive/id/draft-ietf-oauth-dpop-03.html
Htmlized:       https://tools.ietf.org/html/draft-ietf-oauth-dpop-03
Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-dpop-03

Abstract:
   This document describes a mechanism for sender-constraining OAuth 2.0
   tokens via a proof-of-possession mechanism on the application level.
   This mechanism allows for the detection of replay attacks with access
   and refresh tokens.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
