Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-v2-1-03.txt

2021-09-08 Thread Aaron Parecki 
Hi all,

The editors have published a new draft of OAuth 2.1.

https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-03.html

Huge thanks to Vittorio Bertocci and Justin Richer for their previous
reviews of the draft, a large portion of the changes in this version are
based on their feedback.

Here is a high level summary of the changes from the previous draft:

* The major change is a refactoring to collect all the grant types under
the same top-level header in section 4:
https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-03.html#name-grant-types
* Better split normative and security consideration text into the
appropriate places, both moving text that was really security
considerations out of the main part of the document, as well as pulling
normative requirements from the security considerations sections into the
appropriate part of the main document
* Incorporated many of the published errata on RFC6749
* Updated references to various RFCs
* Quite a lot of editorial clarifications throughout the document

We will continue to make progress on incorporating the suggestions from
previous reviews, but in the mean time, this was a significant structural
change that warranted publishing a new draft ahead of the upcoming interim
meetings. As always, feedback is greatly appreciated!

Thanks!

---
Aaron Parecki
https://aaronparecki.com
https://oauth2simplified.com



On Wed, Sep 8, 2021 at 2:06 PM  wrote:

>
> A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> This draft is a work item of the Web Authorization Protocol WG of the IETF.
>
> Title   : The OAuth 2.1 Authorization Framework
> Authors : Dick Hardt
>   Aaron Parecki
>   Torsten Lodderstedt
> Filename: draft-ietf-oauth-v2-1-03.txt
> Pages   : 86
> Date: 2021-09-08
>
> Abstract:
>The OAuth 2.1 authorization framework enables a third-party
>application to obtain limited access to an HTTP service, either on
>behalf of a resource owner by orchestrating an approval interaction
>between the resource owner and an authorization service, or by
>allowing the third-party application to obtain access on its own
>behalf.  This specification replaces and obsoletes the OAuth 2.0
>Authorization Framework described in RFC 6749.
>
>
> The IETF datatracker status page for this draft is:
> https://datatracker.ietf.org/doc/draft-ietf-oauth-v2-1/
>
> There is also an HTML version available at:
> https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-03.html
>
> A diff from the previous version is available at:
> https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-v2-1-03
>
>
> Internet-Drafts are also available by anonymous FTP at:
> ftp://ftp.ietf.org/internet-drafts/
>
>
> ___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

[OAUTH-WG] oauth - Not having a session at IETF 112

2021-09-08 Thread IETF Meeting Session Request Tool 



Rifaat Shekh-Yusef, a chair of the oauth working group, indicated that the 
oauth working group does not plan to hold a session at IETF 112.

This message was generated and sent by the IETF Meeting Session Request Tool.



___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

[OAUTH-WG] I-D Action: draft-ietf-oauth-v2-1-03.txt

2021-09-08 Thread internet-drafts 


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol WG of the IETF.

Title   : The OAuth 2.1 Authorization Framework
Authors : Dick Hardt
  Aaron Parecki
  Torsten Lodderstedt
Filename: draft-ietf-oauth-v2-1-03.txt
Pages   : 86
Date: 2021-09-08

Abstract:
   The OAuth 2.1 authorization framework enables a third-party
   application to obtain limited access to an HTTP service, either on
   behalf of a resource owner by orchestrating an approval interaction
   between the resource owner and an authorization service, or by
   allowing the third-party application to obtain access on its own
   behalf.  This specification replaces and obsoletes the OAuth 2.0
   Authorization Framework described in RFC 6749.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-v2-1/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-oauth-v2-1-03.html

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-v2-1-03


Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] IPR Disclosures - OAuth 2.0 Authorization Server Issuer Identification

2021-09-08 Thread Rifaat Shekh-Yusef 
Karsten, Daniel,

Any update on this?

Regards,
 Rifaat


On Sat, Sep 4, 2021 at 10:30 AM Rifaat Shekh-Yusef 
wrote:

> Authors,
>
> As part of the shepherd write-up, all authors of the document must confirm
> that any and all appropriate IPR disclosures required for full conformance
> with the provisions of BCP 78 and BCP 79 have already been filed.
>
> Please, reply to this email on the mailing list and indicate if you are
> aware of any IPRs associated with this document.
>
> Regards,
>  Rifaat
>
>
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth