Re: [OAUTH-WG] OAuth 2.0 Pushed Authorization Requests: Implementation Status

[Sascha Preibisch]

Hello Hannes!

I have implemented PAR a while ago in my open source project "Loginbuddy"
as documented here:
- documentation:
https://github.com/SaschaZeGerman/loginbuddy/wiki/Protocols-and-APIs
- endpoint: /pauthorize

I hope it hope,
Sascha

On Wed, 24 Mar 2021 at 12:54, Hannes Tschofenig 
wrote:

> Hi all,
>
>
>
> I am working on the shepherd writeup and I need information about the
> implementation status of this specification.
>
>
>
> Can you share whether you are implementing, or planning to implement this
> specification? If there is open source, please drop a link to the mailing
> list. If you implement it in your product, please let us know as well.
>
>
>
> This information helps the steering committee to judge the quality and
> maturity of the work.
>
>
>
> Ciao
>
> Hannes
>
>
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose the
> contents to any other person, use it for any purpose, or store or copy the
> information in any medium. Thank you.
> ___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] OAuth 2.0 Pushed Authorization Requests: IPR Confirmation

[Dave Tonge]

Hi Hannes

I'm not aware of any IPR related to this draft

Thanks

Dave

On Wed, 24 Mar 2021 at 21:46, Torsten Lodderstedt  wrote:

> Hi Hannes,
>
> I‘m not aware of any IPR related to this draft.
>
> best regards,
> Torsten.
>
> Filip Skokan  schrieb am Mi. 24. März 2021 um 21:25:
>
>> Hello Hannes. I am not aware of any IPR related to this document.
>>
>> Cheers,
>> Filip
>>
>> Odesláno z iPhonu
>>
>> 24. 3. 2021 v 20:52, Hannes Tschofenig :
>>
>> 
>>
>> Hi Torsten, Brian, Nat, Dave, Filip,
>>
>>
>>
>> I am working on the shepherd writeup for the "OAuth 2.0 Pushed Authorization 
>> Requests"  specification.
>>
>>
>>
>> One item in the shepherd template requires me to indicate whether each 
>> document author has confirmed that any and all appropriate IPR disclosures 
>> required for full conformance with the provisions of BCP 78 and BCP 79 have 
>> already been filed.
>>
>>
>>
>> Could you please confirm?
>>
>>
>>
>> Ciao
>>
>> Hannes
>>
>>
>> IMPORTANT NOTICE: The contents of this email and any attachments are
>> confidential and may also be privileged. If you are not the intended
>> recipient, please notify the sender immediately and do not disclose the
>> contents to any other person, use it for any purpose, or store or copy the
>> information in any medium. Thank you.
>> ___
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
>> ___
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
> ___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>


-- 
Dave Tonge
CTO
[image: Moneyhub Enterprise]

t: +44 (0)117 280 5120

Moneyhub Enterprise is a trading style of Moneyhub Financial Technology
Limited which is authorised and regulated by the Financial Conduct
Authority ("FCA"). Moneyhub Financial Technology is entered on the
Financial Services Register (FRN 809360) at fca.org.uk/register.
Moneyhub Financial
Technology is registered in England & Wales, company registration number
06909772 .
Moneyhub Financial Technology Limited 2018 ©

DISCLAIMER: This email (including any attachments) is subject to copyright,
and the information in it is confidential. Use of this email or of any
information in it other than by the addressee is unauthorised and unlawful.
Whilst reasonable efforts are made to ensure that any attachments are
virus-free, it is the recipient's sole responsibility to scan all
attachments for viruses. All calls and emails to and from this company may
be monitored and recorded for legitimate purposes relating to this
company's business. Any opinions expressed in this email (or in any
attachments) are those of the author and do not necessarily represent the
opinions of Moneyhub Financial Technology Limited or of any other group
company.

-- 


Moneyhub Enterprise is a trading style of Moneyhub Financial Technology 
Limited which is authorised and regulated by the Financial Conduct 
Authority ("FCA"). Moneyhub Financial Technology is entered on the 
Financial Services Register (FRN 809360) at https://register.fca.org.uk/ 
. Moneyhub Financial Technology is registered 
in England & Wales, company registration number 06909772. Moneyhub 
Financial Technology Limited 2020 © Moneyhub Enterprise, Regus Building, 
Temple Quay, 1 Friary, Bristol, BS1 6EA. 

DISCLAIMER: This email 
(including any attachments) is subject to copyright, and the information in 
it is confidential. Use of this email or of any information in it other 
than by the addressee is unauthorised and unlawful. Whilst reasonable 
efforts are made to ensure that any attachments are virus-free, it is the 
recipient's sole responsibility to scan all attachments for viruses. All 
calls and emails to and from this company may be monitored and recorded for 
legitimate purposes relating to this company's business. Any opinions 
expressed in this email (or in any attachments) are those of the author and 
do not necessarily represent the opinions of Moneyhub Financial Technology 
Limited or of any other group company.
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] OAuth 2.0 Pushed Authorization Requests: IPR Confirmation

[Torsten Lodderstedt]

Hi Hannes,

I‘m not aware of any IPR related to this draft.

best regards,
Torsten.

Filip Skokan  schrieb am Mi. 24. März 2021 um 21:25:

> Hello Hannes. I am not aware of any IPR related to this document.
>
> Cheers,
> Filip
>
> Odesláno z iPhonu
>
> 24. 3. 2021 v 20:52, Hannes Tschofenig :
>
> 
>
> Hi Torsten, Brian, Nat, Dave, Filip,
>
>
>
> I am working on the shepherd writeup for the "OAuth 2.0 Pushed Authorization 
> Requests"  specification.
>
>
>
> One item in the shepherd template requires me to indicate whether each 
> document author has confirmed that any and all appropriate IPR disclosures 
> required for full conformance with the provisions of BCP 78 and BCP 79 have 
> already been filed.
>
>
>
> Could you please confirm?
>
>
>
> Ciao
>
> Hannes
>
>
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose the
> contents to any other person, use it for any purpose, or store or copy the
> information in any medium. Thank you.
> ___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
> ___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] OAuth 2.0 Pushed Authorization Requests: Implementation Status

[Brian Campbell]

I pieced together an informal list of some implementations and usages for
an interim presentation last August. See slide 9 of
https://datatracker.ietf.org/meeting/interim-2020-oauth-11/materials/slides-interim-2020-oauth-11-sessa-par-00.pdf
for that. The mention of PingFederate on there was in beta at the time but
has since been officially released - look for PAR at
https://docs.pingidentity.com/bundle/pingfederate-102/page/qem1584122852896.html


Earlier today Taka mentioned a few other places PAR is being
used/implemented
https://mailarchive.ietf.org/arch/msg/oauth/oUcc0PuENDFSup0n0zK0bDnTHzA/
including the OpenID conformance suite already having test cases for it.







On Wed, Mar 24, 2021 at 1:53 PM Hannes Tschofenig 
wrote:

> Hi all,
>
>
>
> I am working on the shepherd writeup and I need information about the
> implementation status of this specification.
>
>
>
> Can you share whether you are implementing, or planning to implement this
> specification? If there is open source, please drop a link to the mailing
> list. If you implement it in your product, please let us know as well.
>
>
>
> This information helps the steering committee to judge the quality and
> maturity of the work.
>
>
>
> Ciao
>
> Hannes
>
>
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose the
> contents to any other person, use it for any purpose, or store or copy the
> information in any medium. Thank you.
> ___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>

-- 
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] OAuth 2.0 Pushed Authorization Requests: IPR Confirmation

[Filip Skokan]

Hello Hannes. I am not aware of any IPR related to this document.

Cheers,
Filip

Odesláno z iPhonu

> 24. 3. 2021 v 20:52, Hannes Tschofenig :
> 
> 
> Hi Torsten, Brian, Nat, Dave, Filip,
>  
> I am working on the shepherd writeup for the "OAuth 2.0 Pushed Authorization 
> Requests"  specification.
>  
> One item in the shepherd template requires me to indicate whether each 
> document author has confirmed that any and all appropriate IPR disclosures 
> required for full conformance with the provisions of BCP 78 and BCP 79 have 
> already been filed.
>  
> Could you please confirm?
>  
> Ciao
> Hannes
>  
> IMPORTANT NOTICE: The contents of this email and any attachments are 
> confidential and may also be privileged. If you are not the intended 
> recipient, please notify the sender immediately and do not disclose the 
> contents to any other person, use it for any purpose, or store or copy the 
> information in any medium. Thank you. 
> ___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] OAuth 2.0 Pushed Authorization Requests: IPR Confirmation

[Brian Campbell]

Thanks Hannes,
I can so confirm. I am not aware of any IPR related to this document.

On Wed, Mar 24, 2021 at 1:52 PM Hannes Tschofenig 
wrote:

> Hi Torsten, Brian, Nat, Dave, Filip,
>
>
>
> I am working on the shepherd writeup for the "OAuth 2.0 Pushed Authorization 
> Requests"  specification.
>
>
>
> One item in the shepherd template requires me to indicate whether each 
> document author has confirmed that any and all appropriate IPR disclosures 
> required for full conformance with the provisions of BCP 78 and BCP 79 have 
> already been filed.
>
>
>
> Could you please confirm?
>
>
>
> Ciao
>
> Hannes
>
>
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended
> recipient, please notify the sender immediately and do not disclose the
> contents to any other person, use it for any purpose, or store or copy the
> information in any medium. Thank you.
> ___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>

-- 
_CONFIDENTIALITY NOTICE: This email may contain confidential and privileged 
material for the sole use of the intended recipient(s). Any review, use, 
distribution or disclosure by others is strictly prohibited.  If you have 
received this communication in error, please notify the sender immediately 
by e-mail and delete the message and any file attachments from your 
computer. Thank you._
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

[OAUTH-WG] OAuth 2.0 Pushed Authorization Requests: Shepherd Write-Up

[Hannes Tschofenig]

FYI: If you want to track my shepherd write-up for the "OAuth 2.0 Pushed 
Authorization Requests" specification then you can find it here:
https://github.com/hannestschofenig/tschofenig-ids/blob/master/shepherd-writeups/Writeup_OAuth_PAR.txt

Ciao
Hannes

IMPORTANT NOTICE: The contents of this email and any attachments are 
confidential and may also be privileged. If you are not the intended recipient, 
please notify the sender immediately and do not disclose the contents to any 
other person, use it for any purpose, or store or copy the information in any 
medium. Thank you.
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

[OAUTH-WG] OAuth 2.0 Pushed Authorization Requests: Implementation Status

[Hannes Tschofenig]

Hi all,

I am working on the shepherd writeup and I need information about the 
implementation status of this specification.

Can you share whether you are implementing, or planning to implement this 
specification? If there is open source, please drop a link to the mailing list. 
If you implement it in your product, please let us know as well.

This information helps the steering committee to judge the quality and maturity 
of the work.

Ciao
Hannes

IMPORTANT NOTICE: The contents of this email and any attachments are 
confidential and may also be privileged. If you are not the intended recipient, 
please notify the sender immediately and do not disclose the contents to any 
other person, use it for any purpose, or store or copy the information in any 
medium. Thank you.
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

[OAUTH-WG] OAuth 2.0 Pushed Authorization Requests: IPR Confirmation

[Hannes Tschofenig]

Hi Torsten, Brian, Nat, Dave, Filip,



I am working on the shepherd writeup for the "OAuth 2.0 Pushed Authorization 
Requests"  specification.



One item in the shepherd template requires me to indicate whether each document 
author has confirmed that any and all appropriate IPR disclosures required for 
full conformance with the provisions of BCP 78 and BCP 79 have already been 
filed.



Could you please confirm?



Ciao

Hannes

IMPORTANT NOTICE: The contents of this email and any attachments are 
confidential and may also be privileged. If you are not the intended recipient, 
please notify the sender immediately and do not disclose the contents to any 
other person, use it for any purpose, or store or copy the information in any 
medium. Thank you.
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] OAuth WG Virtual Office Hours is cancelled this week

[Takahiko Kawasaki]

What is blocking the progress? I hope the writeup is written soon, too. The
following are some facts around PAR, FYI.


   - The specification of PAR (OAuth 2.0 Pushed Authorization Requests) is
   stable.
   - The OpenID conformance suite has already implemented test cases for
   PAR.
   - There exist some authorization server implementations that support PAR.
   - Australian CDR (Consumer Data Right) has adopted PAR.
   - PAR is listed as a component of FAPI (Financial-grade API) v2.
   - PAR is mentioned in FAPI v1 Final (which was approved in January 2021).


Taka


On Tue, Mar 9, 2021 at 5:45 AM Brian Campbell  wrote:

> I typically take a couple minutes of the Virtual Office Hours call to
> inquire about the status of the shepherd writeup for the Pushed
> Authorization Requests draft. With the cancellation of the meeting, I guess
> I'll do that here by email instead. Any progress on that front?
>
> The chairs had previously indicated off-list that Hannes would be the
> document shepherd, however, I just noticed that the tracker still says "No
> shepherd assigned" [1].
>
> I do, of course, realize that these things can take some time but this
> document has been lingering for what feels like an unusually long time for
> this stage of the process. WGLC for the draft wrapped up in late August of
> last year [2] and a draft update addressing comments received during last
> call was published in mid-September [3].
>
> [1] https://datatracker.ietf.org/doc/draft-ietf-oauth-par/
> [2]
> https://mailarchive.ietf.org/arch/msg/oauth/Ua96pMGP2m_UkO123c2gYzrNvsQ/
> [3]
> https://mailarchive.ietf.org/arch/msg/oauth/qzQcfcpodeWI8fjHy_KjSJ78Lqw/
>
>
>
> On Sun, Mar 7, 2021 at 6:26 AM Rifaat Shekh-Yusef 
> wrote:
>
>> All,
>>
>> Because of the IETF conference, the OAuth WG Virtual Office Hours is
>> Cancelled this week.
>>
>> Regards,
>>  Rifaat & Hannes
>> ___
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>>
>
> *CONFIDENTIALITY NOTICE: This email may contain confidential and
> privileged material for the sole use of the intended recipient(s). Any
> review, use, distribution or disclosure by others is strictly prohibited.
> If you have received this communication in error, please notify the sender
> immediately by e-mail and delete the message and any file attachments from
> your computer. Thank you.*___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth