Dear Oauth WG, a new version of the "Cross-Device Flows: Security Best Current Practice" draft has been published. It has been updated to include all the feedback we received as part of the IESG review process.
Many thanks to all the reviewers for their detailed feedback. Cheers Pieter ---------- Forwarded message --------- From: <[email protected]> Date: Fri, Jan 23, 2026 at 6:57 PM Subject: New Version Notification for draft-ietf-oauth-cross-device-security-15.txt To: Daniel Fett <[email protected]>, Filip Skokan <[email protected]>, Pieter Kasselman <[email protected]> A new version of Internet-Draft draft-ietf-oauth-cross-device-security-15.txt has been successfully submitted by Pieter Kasselman and posted to the IETF repository. Name: draft-ietf-oauth-cross-device-security Revision: 15 Title: Cross-Device Flows: Security Best Current Practice Date: 2026-01-23 Group: oauth Pages: 67 URL: https://www.ietf.org/archive/id/draft-ietf-oauth-cross-device-security-15.txt Status: https://datatracker.ietf.org/doc/draft-ietf-oauth-cross-device-security/ HTML: https://www.ietf.org/archive/id/draft-ietf-oauth-cross-device-security-15.html HTMLized: https://datatracker.ietf.org/doc/html/draft-ietf-oauth-cross-device-security Diff: https://author-tools.ietf.org/iddiff?url2=draft-ietf-oauth-cross-device-security-15 Abstract: This document describes threats against cross-device flows along with practical mitigations, protocol selection guidance, and a summary of formal analysis results identified as relevant to the security of cross-device flows. It serves as a security guide to system designers, architects, product managers, security specialists, fraud analysts and engineers implementing cross-device flows. The IETF Secretariat _______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
