[OAUTH-WG] (no subject)

2023-09-06 Thread Hector Zepeda 
Downloaded and install
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

[OAUTH-WG] (no subject)

2023-08-29 Thread Hector Zepeda 
Need this downloaded and install please
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

[OAUTH-WG] (no subject)

2023-08-29 Thread Hector Zepeda 
Need this downloaded and install
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

[OAUTH-WG] (no subject)

2023-08-29 Thread Hector Zepeda 
Need this downloaded
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

[OAUTH-WG] (no subject)

2023-08-29 Thread Hector Zepeda 
Need this downloaded
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] OAuth Digest, Vol 178, Issue 76

2023-08-29 Thread Hector Zepeda 
Need this down load

On Mon, Aug 28, 2023, 1:35 PM  wrote:

> Send OAuth mailing list submissions to
> oauth@ietf.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://www.ietf.org/mailman/listinfo/oauth
> or, via email, send a message with subject or body 'help' to
> oauth-requ...@ietf.org
>
> You can reach the person managing the list at
> oauth-ow...@ietf.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of OAuth digest..."
>
>
> Today's Topics:
>
>1. Fwd: New Version Notification for
>   draft-gilman-wimse-use-cases-00.txt (Justin Richer)
>2. Re: Fwd: New Version Notification for
>   draft-gilman-wimse-use-cases-00.txt (Dick Hardt)
>
>
> --
>
> Message: 1
> Date: Mon, 28 Aug 2023 18:11:42 +
> From: "Justin Richer" 
> To: oauth 
> Subject: [OAUTH-WG] Fwd: New Version Notification for
> draft-gilman-wimse-use-cases-00.txt
> Message-ID: 
> Content-Type: text/plain; charset="utf-8"
>
> Hi all,
>
> Back at IETF116 in Yokohama, Evan Gilman presented information about
> SPIFFE, a workload security platform. At IETF 117 in SF, we presented a set
> of questions and possible new work, to lots of positive feedback. Now we?ve
> set up the Workload Identity in Multi System Environments (WIMSE) mailing
> list for discussing things, wi...@ietf.org ? and
> we?ve just published the following -00 use cases document. If this topic
> area interests you, please take a look through the use cases (it?s pretty
> short right now) and join the conversation on the WIMSE mailing list.
>
> Thanks,
>  ? Justin
>
> Begin forwarded message:
>
> From: internet-dra...@ietf.org
> Subject: New Version Notification for draft-gilman-wimse-use-cases-00.txt
> Date: August 28, 2023 at 1:53:01 PM EDT
> To: "Evan Gilman" , "Joseph Salowey" ,
> "Justin Richer" , "Pieter Kasselman" <
> pieter.kassel...@microsoft.com>
>
> A new version of Internet-Draft draft-gilman-wimse-use-cases-00.txt has
> been
> successfully submitted by Justin Richer and posted to the
> IETF repository.
>
> Name: draft-gilman-wimse-use-cases
> Revision: 00
> Title:Workload Identity Use Cases
> Date: 2023-08-28
> Group:Individual Submission
> Pages:7
> URL:
> https://www.ietf.org/archive/id/draft-gilman-wimse-use-cases-00.txt
> Status:   https://datatracker.ietf.org/doc/draft-gilman-wimse-use-cases/
> HTML:
> https://www.ietf.org/archive/id/draft-gilman-wimse-use-cases-00.html
> HTMLized:
> https://datatracker.ietf.org/doc/html/draft-gilman-wimse-use-cases
>
>
> Abstract:
>
>   Workload identity systems like SPIFFE provide a unique set of
>   security challenges, constraints, and possibilities that affect the
>   larger systems they are a part of.  This document seeks to collect
>   use cases within that space, with a specific look at both the OAuth
>   and SPIFFE technologies.
>
> Discussion Venues
>
>   This note is to be removed before publishing as an RFC.
>
>   Source for this draft and an issue tracker can be found at
>   https://github.com/bspk/draft-gilman-wimse-use-cases.
>
>
>
> The IETF Secretariat
>
>
>
> -- next part --
> An HTML attachment was scrubbed...
> URL: <
> https://mailarchive.ietf.org/arch/browse/oauth/attachments/20230828/4cc29390/attachment.htm
> >
>
> --
>
> Message: 2
> Date: Mon, 28 Aug 2023 11:34:19 -0700
> From: Dick Hardt 
> To: Justin Richer 
> Cc: oauth 
> Subject: Re: [OAUTH-WG] Fwd: New Version Notification for
> draft-gilman-wimse-use-cases-00.txt
> Message-ID:
> <
> cad9ie-vmu+l+c31mgb4iltqbmz919pu9d-kbbg8o+jm0o2r...@mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Link for WIMSE list https://www.ietf.org/mailman/listinfo/wimse
>
> On Mon, Aug 28, 2023 at 11:12?AM Justin Richer  wrote:
>
> > Hi all,
> >
> > Back at IETF116 in Yokohama, Evan Gilman presented information about
> > SPIFFE, a workload security platform. At IETF 117 in SF, we presented a
> set
> > of questions and possible new work, to lots of positive feedback. Now
> we?ve
> > set up the Workload Identity in Multi System Environments (WIMSE) mailing
> > list for discussing things, wi...@ietf.org ? and we?ve just published
> the
> > following -00 use cases document. If this topic area interests you,
> please
> > take a look through the use cases (it?s pretty short right now) and join
> > the conversation on the WIMSE mailing list.
> >
> > Thanks,
> >  ? Justin
> >
> > Begin forwarded message:
> >
> > *From: *internet-dra...@ietf.org
> > *Subject: **New Version Notification for
> > draft-gilman-wimse-use-cases-00.txt*
> > *Date: *August 28, 2023 at 1:53:01 PM EDT
> > *To: *"Evan Gilman" , "Joseph Salowey"  >,
> > "Justin Richer" , "Pieter Kasselman" <
> > pieter.kassel...@microsoft.com>
> >
> > A new version of Internet-Draft

[OAUTH-WG] Download and install please

2023-08-25 Thread Hector Zepeda 
-- 
null
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] OAuth Digest, Vol 178, Issue 51

2023-08-25 Thread Hector Zepeda 
Download and install please

On Thu, Aug 24, 2023 at 6:50 PM  wrote:

> Send OAuth mailing list submissions to
> oauth@ietf.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://www.ietf.org/mailman/listinfo/oauth
> or, via email, send a message with subject or body 'help' to
> oauth-requ...@ietf.org
>
> You can reach the person managing the list at
> oauth-ow...@ietf.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of OAuth digest..."
>
>
> Today's Topics:
>
>1. Re: SD-JWT does not meet standard security definitions
>   (Watson Ladd)
>2. Re: SD-JWT does not meet standard security definitions
>   (Kristina Yasuda)
>3. Re: SD-JWT does not meet standard security definitions
>   (Watson Ladd)
>
>
> --
>
> Message: 1
> Date: Thu, 24 Aug 2023 13:07:39 -0700
> From: Watson Ladd 
> To: Daniel Fett 
> Cc: Hannes Tschofenig , oauth@ietf.org,
> draft-ietf-oauth-selective-disclosure-jwt@ietf.org
> Subject: Re: [OAUTH-WG] SD-JWT does not meet standard security
> definitions
> Message-ID:
>  y...@mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
> On Thu, Aug 24, 2023 at 3:44?AM Daniel Fett  wrote:
> >
> > Thanks, Hannes.
> >
> > The fact that technologies like AnonCreds are based on such old
> principles, yet they are not uniformly standardized, often times limited to
> a few implementations that may or may not be secure, are full of security
> footguns, lack hardware support, and are just extremely hard or impossible
> to deploy speaks for itself.
> >
> > That's why things like SD-JWT exist and gain traction.
> >
> > Yes, you have to jump through hoops to get unlinkability, but it is not
> impossible, and it seems to be a good tradeoff for many.
>
> Is there a document describing this that we can compare to the BBS
> version? Because it's a lot harder than you think: you need a blind
> signature and cut and choose for the credential openings (or
> rerandomization via structure preserving signatures, hello pairings),
> you need to deal with exhaustion of the supply of tokens, your
> issuance process has to be repeatable at low cost, so that's also
> getting messy, and then the hardware binding has its own special
> problems. None of that is in this draft, and I think it would be a lot
> better if we spelled it out here or someplace else to get a better
> sense of the tradeoffs.
>
> I would also like to point out that if end users don't like the
> privacy aspects, they simply won't use this technology. That's a very
> serious deployment issue.
>
> Sincerely,
> Watson Ladd
>
> --
> Astra mortemque praestare gradatim
>
>
>
> --
>
> Message: 2
> Date: Thu, 24 Aug 2023 20:32:02 +
> From: Kristina Yasuda 
> To: Watson Ladd , Daniel Fett
> 
> Cc: Hannes Tschofenig , "oauth@ietf.org"
> ,
> "draft-ietf-oauth-selective-disclosure-jwt@ietf.org"
> 
> Subject: Re: [OAUTH-WG] SD-JWT does not meet standard security
> definitions
> Message-ID:
> <
> sa1pr00mb13101b25440011fd872fd7eee5...@sa1pr00mb1310.namprd00.prod.outlook.com
> >
>
> Content-Type: text/plain; charset="utf-8"
>
> First of all, BBS and SD-JWT are not comparable apple to apple. BBS is a
> signature scheme and it needs to be combined with few other things like JWP
> or BBS data integrity proof type (https://www.w3.org/TR/vc-di-bbs/) with
> JSON-LD payload. While SD-JWT is a mechanism that can be used with any
> crypto suite.
>
> Second, how to do batch issuance of the credential (honestly, of any
> credential format: not just SD-JWT VCs but also mdocs and JWT-VCs) and
> whether it can be done low cost is out of scope of the credential format
> (or any of its components) specification itself. Btw when using OpenID4VCI
> (an extension of oauth), batch issuing SD-JWTs does not need a blind
> signature and I do not know what you mean by exhaustion of the supply of
> tokens, there are only access token and refresh token involved in a usual
> manner.
>
> Best,
> Kristina
>
> Get Outlook for iOS
> 
> From: Watson Ladd 
> Sent: Thursday, August 24, 2023 9:08 PM
> To: Daniel Fett 
> Cc: Hannes Tschofenig ; oauth@ietf.org <
> oauth@ietf.org>; draft-ietf-oauth-selective-disclosure-jwt@ietf.org <
> draft-ietf-oauth-selective-disclosure-jwt@ietf.org>
> Subject: Re: SD-JWT does not meet standard security definitions
>
> [You don't often get email from watsonbl...@gmail.com. Learn why this is
> important at https://aka.ms/LearnAboutSenderIdentification ]
>
> On Thu, Aug 24, 2023 at 3:44?AM Daniel Fett  wrote:
> >
> > Thanks, Hannes.
> >
> > The fact that technologies like AnonCreds are based on such old
> principles, yet they are not uniformly standardized, often times limited to
> a few implementations that