Barry Leiba has entered the following ballot position for
draft-ietf-oauth-assertions-17: No Objection
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer to h
Pete Resnick has entered the following ballot position for
draft-ietf-oauth-jwt-bearer-10: No Objection
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer to
Pete Resnick has entered the following ballot position for
draft-ietf-oauth-saml2-bearer-21: No Objection
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer t
Pete Resnick has entered the following ballot position for
draft-ietf-oauth-assertions-17: No Objection
When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)
Please refer to
I agree with Phil on this one (hey, it happens!): this is a classic example of
having one piece of software and many instances of it talking to many different
service providers. Each of those pairings is going to need to agree on a client
ID, and one would hope a client secret or equivalent. It'
On Oct 14, 2014, at 7:53 AM, Mike Jones wrote:
> The proposed resolution below has been applied to the -28 draft.
Thanks!
The proposed resolution below has been incorporated in the -28 draft.
Hopefully you can clear your DISCUSS on that basis.
Thanks again,
-- Mike
> -Original Message-
> From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of
The proposed resolution below has been applied to the -28 draft.
Thanks again,
-- Mike
> -Original Message-
> From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Mike Jones
> Sent: Tuesday, October 07, 2014 6:06 PM
> To:
The proposed resolutions below have been included in the -28 draft. Hopefully
you'll be able to clear your DISCUSSes on that basis.
The String Comparison Rules in Section 7.3 have been expanded to talk about
when the application may need canonicalization rules.
The proposed resolutions have been applied to the -28 draft. Hopefully this
will enable you to clear your DISCUSSes. Thanks again for the careful read!
-- Mike
> -Original Message-
> From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Mike Jones
> Sent:
These resolutions have been incorporated in the -28 draft. Thanks again for
your review.
-- Mike
From: Kathleen Moriarty [mailto:kathleen.moriarty.i...@gmail.com]
Sent: Thursday, October 02, 2014 8:21 AM
To: Mike Jones
Cc: Alissa Coope
From: Mike Jones
Sent: Tuesday, October 14, 2014 5:39 AM
To: j...@ietf.org
Subject: JOSE -34 and JWT -28 drafts addressing IESG review comments
Updated JOSE and JWT specifications have been published that address the IESG
review comments received. The one set of normative changes was to change
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of
the IETF.
Title : JSON Web Token (JWT)
Authors : Michael B. Jones
John Bradley
Hi Hannes,
thanks for the link. It is interesting.
That said, I think the attacks shown there are a bit “academic” and do not
reflect the real life situation. Moreover, it still mentions the MAC flow when
AFAIK the OAuth working group decided to deviate from it.
IMHO the majority of real life attack
Sorry for the noise,
On 14/10/14 10:25, Sergey Beryozkin wrote:
Hi Phil, All,
Thanks for your positive feedback and further comments below.
My goal was really about trying to make a clear picture in my mind about
what OIDC is with respect to OAuth2, and specifically supporting the
point about OI
In his mail, Mike asked whether the code verifier is
a value that is sendable without transformation
as an HTTP parameter value, or if it needs to be
% encoded when it is being sent.
We have several options here:
1) Require the code verifier to be a base64url encoded string of a binary
rand
Hi Phil, All,
Thanks for your positive feedback and further comments below.
My goal was really about trying to make a clear picture in my mind about
what OIDC is with respect to OAuth2, and specifically supporting the
point about OIDC not being just OAuth2.
As such, the idea of a specific OID
In his mail, Hannes suggested to include more explicit reference to a feature
in the OpenID Connect Discovery spec in section 3.1.
My response to it was that we could define a parameter here
and ask the implementers to implement it. The question remains whether
we want to define it here or leave i
Hi Eduardo,
I have accepted all the "Suggestions" in the forthcoming
version. You can see my private editing copy at
https://bitbucket.org/Nat/oauth-spop/commits/f0f8599
to see how it has been incorporated.
Best,
Nat
On Wed, 03 Sep 2014 01:57:31 -0600
Eduardo Gueiros wrote:
> -BEGI