Re: [OAUTH-WG] Token Binding Presentations?

2017-03-17 Thread Jim Manico 
Brian (and John),

Thank you both for the references. Perfect.

Aloha, Jim


On 3/17/17 12:10 PM, Brian Campbell wrote:
> Dirk gave this preso nearly 2 years ago
> https://www.slideshare.net/CloudIDSummit/cis-2015-intro-to-token-binding-over-http-cis-2015
> 
> which is out of date but has the main concepts, I think. There's also
> this http://www.browserauth.net/token-binding
>  page by him.
>
> I'm planing on a doing a presentation on Token Binding at CIS
>  this summer. But that's not
> until June and none of the content exists yet.
>
> Otherwise the draft specs are probably the best bet at this point. And
> they are all still in draft, though some are more stable than others,
> they may still change.
>
> Token Binding:
> https://tools.ietf.org/html/draft-ietf-tokbind-https-08
> https://tools.ietf.org/html/draft-ietf-tokbind-protocol-13
> https://tools.ietf.org/html/draft-ietf-tokbind-negotiation-07
>
> Application in OAuth:
> https://tools.ietf.org/html/draft-ietf-oauth-token-binding-02
>
> Application in OpenID Connect:
> http://openid.net/specs/openid-connect-token-bound-authentication-1_0.html
>
>
>
>
> On Fri, Mar 17, 2017 at 9:09 AM, Jim Manico  > wrote:
>
> Hello OAuthers,
>
> I'm trying to get my head around token binding beyond the RFC. Are
> there any presentations or other media on token binding that any
> of you are aware of? My google-fu is coming up empty.
>
> Thanks and Aloha,
> - Jim
> ___
> OAuth mailing list
> OAuth@ietf.org 
> https://www.ietf.org/mailman/listinfo/oauth
> 
>
>

-- 
Jim Manico
Manicode Security
https://www.manicode.com

___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Token Binding Presentations?

2017-03-17 Thread Brian Campbell 
Dirk gave this preso nearly 2 years ago https://www.slideshare.net/
CloudIDSummit/cis-2015-intro-to-token-binding-over-http-cis-2015 which is
out of date but has the main concepts, I think. There's also this
http://www.browserauth.net/token-binding page by him.

I'm planing on a doing a presentation on Token Binding at CIS
 this summer. But that's not until
June and none of the content exists yet.

Otherwise the draft specs are probably the best bet at this point. And they
are all still in draft, though some are more stable than others, they may
still change.

Token Binding:
https://tools.ietf.org/html/draft-ietf-tokbind-https-08
https://tools.ietf.org/html/draft-ietf-tokbind-protocol-13
https://tools.ietf.org/html/draft-ietf-tokbind-negotiation-07

Application in OAuth:
https://tools.ietf.org/html/draft-ietf-oauth-token-binding-02

Application in OpenID Connect:
http://openid.net/specs/openid-connect-token-bound-authentication-1_0.html




On Fri, Mar 17, 2017 at 9:09 AM, Jim Manico  wrote:

> Hello OAuthers,
>
> I'm trying to get my head around token binding beyond the RFC. Are there
> any presentations or other media on token binding that any of you are aware
> of? My google-fu is coming up empty.
>
> Thanks and Aloha,
> - Jim
> ___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Token Binding Presentations?

2017-03-17 Thread John Bradley 
Yes I was referring to support for token binding at the TLS level in Edge & IE 
and perhaps other HTTP API support. for token binding negotiation on TLS 
connections.  

Not support for things built on top of token binding.   

IIS being updated to token bind cookies is another matter that I haven't seen 
any timing on.

Chrome on most if not all platforms and Edge on RS2 i believe should all 
support servers token binding cookies in the 3 to 6 month timeframe to be 
conservative.

I know Google has already turned on token binding negotiation for some web 
parts of Google.

John B.




> On Mar 17, 2017, at 2:59 PM, Anthony Nadalin  wrote:
> 
> I’m unaware of any support for “OAuth” Token Binding from Microsoft, so I 
> assume you are talking just about Token Binding cookies
>   <>
> From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of John Bradley
> Sent: Friday, March 17, 2017 10:43 AM
> To: Jim Manico 
> Cc: IETF OAUTH 
> Subject: Re: [OAUTH-WG] Token Binding Presentations?
>  
> This has some of the basic info, but needs some updating.   
> http://www.browserauth.net/ <http://www.browserauth.net/>
>  
> Other than that there are the specs in the Token binding WG and the one we 
> just updated for OAuth.
>  
> With Microsoft supporting it in RS2 coming out in a month or so I would hope 
> to see some developer documentation from them soon.
>  
> John B.
>  
> On Mar 17, 2017, at 12:09 PM, Jim Manico  <mailto:j...@manicode.com>> wrote:
>  
> Hello OAuthers,
> 
> I'm trying to get my head around token binding beyond the RFC. Are there any 
> presentations or other media on token binding that any of you are aware of? 
> My google-fu is coming up empty.
> 
> Thanks and Aloha,
> - Jim
> ___
> OAuth mailing list
> OAuth@ietf.org <mailto:OAuth@ietf.org>
> https://www.ietf.org/mailman/listinfo/oauth 
> <https://www.ietf.org/mailman/listinfo/oauth>


smime.p7s
Description: S/MIME Cryptographic Signature
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Token Binding Presentations?

2017-03-17 Thread Anthony Nadalin 
I'm unaware of any support for "OAuth" Token Binding from Microsoft, so I 
assume you are talking just about Token Binding cookies

From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of John Bradley
Sent: Friday, March 17, 2017 10:43 AM
To: Jim Manico 
Cc: IETF OAUTH 
Subject: Re: [OAUTH-WG] Token Binding Presentations?

This has some of the basic info, but needs some updating.   
http://www.browserauth.net/

Other than that there are the specs in the Token binding WG and the one we just 
updated for OAuth.

With Microsoft supporting it in RS2 coming out in a month or so I would hope to 
see some developer documentation from them soon.

John B.

On Mar 17, 2017, at 12:09 PM, Jim Manico 
mailto:j...@manicode.com>> wrote:

Hello OAuthers,

I'm trying to get my head around token binding beyond the RFC. Are there any 
presentations or other media on token binding that any of you are aware of? My 
google-fu is coming up empty.

Thanks and Aloha,
- Jim
___
OAuth mailing list
OAuth@ietf.org<mailto:OAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth

___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Token Binding Presentations?

2017-03-17 Thread John Bradley 
This has some of the basic info, but needs some updating.   
http://www.browserauth.net/ 

Other than that there are the specs in the Token binding WG and the one we just 
updated for OAuth.

With Microsoft supporting it in RS2 coming out in a month or so I would hope to 
see some developer documentation from them soon.

John B.

> On Mar 17, 2017, at 12:09 PM, Jim Manico  wrote:
> 
> Hello OAuthers,
> 
> I'm trying to get my head around token binding beyond the RFC. Are there any 
> presentations or other media on token binding that any of you are aware of? 
> My google-fu is coming up empty.
> 
> Thanks and Aloha,
> - Jim
> ___
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth



smime.p7s
Description: S/MIME Cryptographic Signature
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

[OAUTH-WG] Token Binding Presentations?

2017-03-17 Thread Jim Manico 
Hello OAuthers,

I'm trying to get my head around token binding beyond the RFC. Are there any 
presentations or other media on token binding that any of you are aware of? My 
google-fu is coming up empty.

Thanks and Aloha,
- Jim
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth