Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-iss-auth-resp-01.txt

Tue, 08 Jun 2021 02:16:51 -0700 

Hi all,

thank you for your feedback.
In this version we addressed your comments on the JARM note and clarified the mix-up description. 

We also changed the title of the draft to make it a little shorter.

Best regards,
Karsten

On 08.06.2021 11:07, [email protected] wrote:

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol WG of the IETF.

         Title           : OAuth 2.0 Authorization Server Issuer Identification
         Authors         : Karsten Meyer zu Selhausen
                           Daniel Fett
        Filename        : draft-ietf-oauth-iss-auth-resp-01.txt
        Pages           : 10
        Date            : 2021-06-08

Abstract:
    This document specifies a new parameter "iss" that is used to
    explicitly include the issuer identifier of the authorization server
    in the authorization response of an OAuth authorization flow.  The
    "iss" parameter serves as an effective countermeasure to "mix-up
    attacks".


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-iss-auth-resp/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-oauth-iss-auth-resp-01.html

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-iss-auth-resp-01


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth


--
Karsten Meyer zu Selhausen
Senior IT Security Consultant
Phone:  +49 (0)234 / 54456499
Web:    https://hackmanit.de | IT Security Consulting, Penetration Testing, 
Security Training

Möchten Sie sich für ein Projekt mit dem Thema Single Sign-On oder den 
Standards OAuth und OpenID Connect vertraut machen?
Dann melden Sie sich jetzt an für Ihre Einführung in Single Sign-On, OAuth und 
OpenID Connect am Mittwoch, 09.06.2021, von 10:00 - 14:30 Uhr!
https://www.hackmanit.de/de/schulungen/uebersicht/139-einfuehrung-in-single-sign-on-oauth-und-openid-connect

Hackmanit GmbH
Universitätsstraße 60 (Exzenterhaus)
44789 Bochum

Registergericht: Amtsgericht Bochum, HRB 14896
Geschäftsführer: Prof. Dr. Jörg Schwenk, Prof. Dr. Juraj Somorovsky, Dr. 
Christian Mainka, Dr. Marcus Niemietz

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to