Re: [OAUTH-WG] Call for adoption: Cross-Device Flows

2022-11-21 Thread Justin Richer 
I support adoption of this draft. It’s important work that affects a number of 
areas in and around OAuth.

 — Justin

On Nov 15, 2022, at 6:43 AM, Rifaat Shekh-Yusef 
mailto:rifaat.s.i...@gmail.com>> wrote:

All,

During the IETF meeting last week, there was a strong support for the adoption 
of the following document as a WG document:
https://datatracker.ietf.org/doc/draft-kasselman-cross-device-security/

This is to start a call for adoption for this document.
Please, provide your feedback on the mailing list on whether you support the 
adoption of this document as a WG or not, by Nov 29th.

Regards,
 Rifaat & Hannes


___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] [Editorial Errata Reported] RFC9126 (7254)

2022-11-21 Thread Chris Smiley 

Greetings Area Directors,

We are unable to verify this erratum that the submitter marked as editorial.  
Please note that we have changed the “Type” of the following errata 
report to “Technical”.  As Stream Approver, please review and set the 
Status and Type accordingly (see the definitions at 
https://www.rfc-editor.org/errata-definitions/).

You may review the report at: 
https://www.rfc-editor.org/errata/eid7254

Please see https://www.rfc-editor.org/how-to-verify/ for further 
information on how to verify errata reports.

Further information on errata can be found at: 
https://www.rfc-editor.org/errata.php.

Thank you.

RFC Editor/cs


> On Nov 18, 2022, at 10:23 AM, RFC Errata System  
> wrote:
> 
> The following errata report has been submitted for RFC9126,
> "OAuth 2.0 Pushed Authorization Requests".
> 
> --
> You may review the report below and at:
> https://www.rfc-editor.org/errata/eid7254
> 
> --
> Type: Editorial
> Reported by: Joseph Heenan 
> 
> Section: 1.1
> 
> Original Text
> -
> POST /as/par HTTP/1.1
> Host: as.example.com
> Content-Type: application/x-www-form-urlencoded
> 
> _type=code
> _id=CLIENT1234=duk681S8n00GsJpe7n9boxdzen
> <...>
> 
> Corrected Text
> --
> POST /as/par HTTP/1.1
> Host: as.example.com
> Content-Type: application/x-www-form-urlencoded
> 
> response_type=code
> _id=CLIENT1234=duk681S8n00GsJpe7n9boxdzen
> <...>
> 
> Notes
> -
> In the 'Introductory Example', the POST body to the par endpoint contains an 
> unnecessary '&' at the start. (It's perhaps technically valid, but could 
> potentially confuse readers.)
> 
> Instructions:
> -
> This erratum is currently posted as "Reported". If necessary, please
> use "Reply All" to discuss whether it should be verified or
> rejected. When a decision is reached, the verifying party  
> can log in to change the status and edit the report, if necessary. 
> 
> --
> RFC9126 (draft-ietf-oauth-par-10)
> --
> Title   : OAuth 2.0 Pushed Authorization Requests
> Publication Date: September 2021
> Author(s)   : T. Lodderstedt, B. Campbell, N. Sakimura, D. Tonge, F. 
> Skokan
> Category: PROPOSED STANDARD
> Source  : Web Authorization Protocol
> Area: Security
> Stream  : IETF
> Verifying Party : IESG
> 

___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Call for adoption: Cross-Device Flows

2022-11-21 Thread Dima Postnikov 
+1 for adoption

On Wed, Nov 16, 2022 at 1:43 AM Rifaat Shekh-Yusef 
wrote:

> All,
>
> During the IETF meeting last week, there was a strong support for
> the adoption of the following document as a WG document:
> https://datatracker.ietf.org/doc/draft-kasselman-cross-device-security/
>
> This is to start a call for adoption for this document.
> Please, provide your feedback on the mailing list on whether you support
> the adoption of this document as a WG or not, by *Nov 29th*.
>
> Regards,
>  Rifaat & Hannes
>
>
> ___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Call for adoption: Cross-Device Flows

2022-11-21 Thread Warren Parad 
I support the adoption of this document.

On Tue, Nov 15, 2022 at 3:43 PM Rifaat Shekh-Yusef 
wrote:

> All,
>
> During the IETF meeting last week, there was a strong support for
> the adoption of the following document as a WG document:
> https://datatracker.ietf.org/doc/draft-kasselman-cross-device-security/
>
> This is to start a call for adoption for this document.
> Please, provide your feedback on the mailing list on whether you support
> the adoption of this document as a WG or not, by *Nov 29th*.
>
> Regards,
>  Rifaat & Hannes
>
>
> ___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Call for adoption: Cross-Device Flows

2022-11-21 Thread Amir Sharif 
I support the adoption of this document.
Amir

On Mon, Nov 21, 2022 at 10:23 AM Karsten Meyer zu Selhausen <
karsten.meyerzuselhau...@hackmanit.de> wrote:

> I support adoption of this document.
>
> Karsten
> On 17.11.2022 02:50, Kristina Yasuda wrote:
>
> I support adoption of this document too.
>
>
>
> Kristina
>
>
>
> *From:* OAuth   *On
> Behalf Of * Aaron Parecki
> *Sent:* Wednesday, November 16, 2022 5:16 PM
> *To:* OAuth WG  
> *Subject:* Re: [OAUTH-WG] Call for adoption: Cross-Device Flows
>
>
>
> I support adoption of this document.
>
>
>
> Aaron
>
>
>
> On Wed, Nov 16, 2022 at 7:52 AM Mike Jones  40microsoft@dmarc.ietf.org> wrote:
>
> I support adoption of the cross-device flows document.
>
>
>
>-- Mike
>
>
>
> *From:* OAuth  *On Behalf Of *Joseph Heenan
> *Sent:* Wednesday, November 16, 2022 4:34 AM
> *To:* oauth 
> *Subject:* Re: [OAUTH-WG] Call for adoption: Cross-Device Flows
>
>
>
> Hi all
>
>
>
> I support adoption of this document.
>
>
>
> Thanks
>
>
>
> Joseph
>
>
>
>
>
> On 15 Nov 2022, at 14:43, Rifaat Shekh-Yusef 
> wrote:
>
>
>
> All,
>
>
>
> During the IETF meeting last week, there was a strong support for
> the adoption of the following document as a WG document:
>
> https://datatracker.ietf.org/doc/draft-kasselman-cross-device-security/
> 
>
>
>
> This is to start a call for adoption for this document.
>
> Please, provide your feedback on the mailing list on whether you support
> the adoption of this document as a WG or not, by *Nov 29th*.
>
>
>
> Regards,
>
>  Rifaat & Hannes
>
>
>
>
>
> ___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
> 
>
>
>
> ___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
> 
>
>
> ___
> OAuth mailing listOAuth@ietf.orghttps://www.ietf.org/mailman/listinfo/oauth
>
> --
> Karsten Meyer zu Selhausen
> Senior IT Security Consultant
> Phone:+49 (0)234 / 54456499
> Web:  https://hackmanit.de | IT Security Consulting, Penetration Testing, 
> Security Training
>
> API security is crucial for secure modern applications. Learn what the most 
> critical risks are and how to mitigate them in your 
> APIs:https://www.hackmanit.de/en/blog-en/155-how-to-secure-apis
>
> Hackmanit GmbH
> Universitätsstraße 60 (Exzenterhaus)
> 44789 Bochum
>
> Registergericht: Amtsgericht Bochum, HRB 14896
> Geschäftsführer: Prof. Dr. Jörg Schwenk, Prof. Dr. Juraj Somorovsky, Dr. 
> Christian Mainka, Prof. Dr. Marcus Niemietz
>
> ___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>


-- 
*Amir Sharif*
*Researcher*
*Security and Trust Research Unit*
*Cybersecurity Center*
*Fondazione Bruno Kessler, Trento, Italy*
personal page:https://ict.fbk.eu/people/detail/amir-sharif/
FBK web: www.fbk.eu
Security  web: st.fbk.eu

-- 
--
Le informazioni contenute nella presente comunicazione sono di natura 
privata e come tali sono da considerarsi riservate ed indirizzate 
esclusivamente ai destinatari indicati e per le finalità strettamente 
legate al relativo contenuto. Se avete ricevuto questo messaggio per 
errore, vi preghiamo di eliminarlo e di inviare una comunicazione 
all’indirizzo e-mail del mittente.

--
The information transmitted is 
intended only for the person or entity to which it is addressed and may 
contain confidential and/or privileged material. If you received this in 
error, please contact the sender and delete the material.
___
OAuth mailing list
OAuth@ietf.org

Re: [OAUTH-WG] Call for adoption: Cross-Device Flows

2022-11-21 Thread Karsten Meyer zu Selhausen 

I support adoption of this document.

Karsten

On 17.11.2022 02:50, Kristina Yasuda wrote:


I support adoption of this document too.

Kristina

*From:* OAuth  *On Behalf Of * Aaron Parecki
*Sent:* Wednesday, November 16, 2022 5:16 PM
*To:* OAuth WG 
*Subject:* Re: [OAUTH-WG] Call for adoption: Cross-Device Flows

I support adoption of this document.

Aaron

On Wed, Nov 16, 2022 at 7:52 AM Mike Jones 
 wrote:


I support adoption of the cross-device flows document.

-- Mike

*From:* OAuth  *On Behalf Of *Joseph Heenan
*Sent:* Wednesday, November 16, 2022 4:34 AM
*To:* oauth 
*Subject:* Re: [OAUTH-WG] Call for adoption: Cross-Device Flows

Hi all

I support adoption of this document.

Thanks

Joseph

On 15 Nov 2022, at 14:43, Rifaat Shekh-Yusef
 wrote:

All,

During the IETF meeting last week, there was a strong support
for the adoption of the following document as a WG document:

https://datatracker.ietf.org/doc/draft-kasselman-cross-device-security/



This is to start a call for adoption for this document.

Please, provide your feedback on the mailing list on whether
you support the adoption of this document as a WG or not, by
*Nov 29th*.

Regards,

 Rifaat & Hannes

___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth



___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth




___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


--
Karsten Meyer zu Selhausen
Senior IT Security Consultant
Phone:  +49 (0)234 / 54456499
Web:https://hackmanit.de  | IT Security Consulting, Penetration Testing, 
Security Training

API security is crucial for secure modern applications. Learn what the most 
critical risks are and how to mitigate them in your APIs:
https://www.hackmanit.de/en/blog-en/155-how-to-secure-apis

Hackmanit GmbH
Universitätsstraße 60 (Exzenterhaus)
44789 Bochum

Registergericht: Amtsgericht Bochum, HRB 14896
Geschäftsführer: Prof. Dr. Jörg Schwenk, Prof. Dr. Juraj Somorovsky, Dr. 
Christian Mainka, Prof. Dr. Marcus Niemietz
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth