On 13/12/2018 15:42, Stefanie Gerdes wrote:
Hi Ludwig,
On 12/12/2018 10:47 AM, Ludwig Seitz wrote:
The value of checking the iss field is indeed limited, but if present I
feel it MUST be checked.
The text does say that the RS must check the integrity of the token (see
5.8.1.1.)
"Since the
Hi Ludwig,
On 12/12/2018 10:47 AM, Ludwig Seitz wrote:
> The value of checking the iss field is indeed limited, but if present I
> feel it MUST be checked.
>
> The text does say that the RS must check the integrity of the token (see
> 5.8.1.1.)
>
> "Since the cryptographic wrapper of the token
On 12/12/2018 10:27, Stefanie Gerdes wrote:
Hi Jim,
thank you for your quick response.
On 12/11/2018 09:38 PM, Jim Schaad wrote:
C may receive keying material for the communication with RS from AS.
Unfortunately, the AS does not inform C how long the keying material is
valid. C
therefore
On 11/12/2018 21:38, Jim Schaad wrote:
-Original Message-
From: Ace On Behalf Of Stefanie Gerdes
Sent: Tuesday, December 11, 2018 4:11 AM
To: Ludwig Seitz ; ace@ietf.org
Subject: Re: [Ace] Fwd: New Version Notification for
draft-ietf-ace-oauth-authz-
17.txt and draft-ietf-ace-oauth
Hi Jim,
thank you for your quick response.
On 12/11/2018 09:38 PM, Jim Schaad wrote:
>>
>> C may receive keying material for the communication with RS from AS.
>> Unfortunately, the AS does not inform C how long the keying material is
> valid. C
>> therefore may use outdated keying material for
Hi,
I looked through the document again. Many issues have been fixed, but I
still have some comments:
I still think that Section 5.8.1, in particular 5.8.1.1 should point out
that RS must check the integrity of the token und validate that it stems
from an authorized AS. Checking the iss field
rg
> Subject: [Ace] Fwd: New Version Notification for
draft-ietf-ace-oauth-authz-
> 17.txt and draft-ietf-ace-oauth-params-01.txt
>
> Hello ACE,
>
> I have just submitted new versions for draft-ietf-ace-oauth-authz and
draft-ietf-
> ace-oauth-params addressing the WGLC review co
Hello ACE,
I have just submitted new versions for draft-ietf-ace-oauth-authz and
draft-ietf-ace-oauth-params addressing the WGLC review comments and the
discussions from the IETF 103 meeting.
I would encourage the reviewers to check if they feel that I have
sufficiently addressed their