[OAUTH-WG] draft-ietf-oauth-spop naming

2014-11-12 Thread Bill Mills
Any progress on naming on this thing? Didn't see any reply to my previous comment, but that might have been because I replied to the -02 publication notice and it might have gotten filtered. Similarly, the question of extending the error registry to allow the server to feed back a failure if

Re: [OAUTH-WG] draft-ietf-oauth-spop naming

2014-11-12 Thread Brian Campbell
I agree that changing the name could avoid a lot of unnecessary confusion (and said as much in Sept https://www.ietf.org/mail-archive/web/oauth/current/msg13361.html). On Wed, Nov 12, 2014 at 9:46 AM, Bill Mills wmills_92...@yahoo.com wrote: Any progress on naming on this thing? Didn't see

Re: [OAUTH-WG] draft-ietf-oauth-spop naming

2014-11-12 Thread John Bradley
The OAuth meeting is today. We ran into the publication deadline for the IETF meeting during IIW so haven't published an update yet. We do have text on defining error codes that we will discuss today. I expect the name discussion will also happen today. Changing the draft name is annoying

Re: [OAUTH-WG] draft-ietf-oauth-spop naming

2014-11-12 Thread Justin Richer
If you guys aren’t participating remotely today, I’ll try to bring this up in a couple hours. — Justin On Nov 12, 2014, at 6:56 AM, Brian Campbell bcampb...@pingidentity.com wrote: I agree that changing the name could avoid a lot of unnecessary confusion (and said as much in Sept

[OAUTH-WG] Fwd: draft-ietf-oauth-jwt-bearer draft errors

2014-11-12 Thread Brian Campbell
Forwarding this to the WG. There is a word missing in the sentence noted below as well as in the similar sentence in the SAML draft. However, I believe it should be to the client rather than about the client. What is the most appropriate way to handle a minor fix like this at this stage? A note

Re: [OAUTH-WG] draft-ietf-oauth-spop naming

2014-11-12 Thread Bill Mills
I don't actually care if we change the document tracking name from ...-oauth-spop as long as we change the name of the thing in the text. Agreed doc name changing is annoying, it's survivable though. Having done it once I'd do it differently if I had to do it again, submitting the last

Re: [OAUTH-WG] draft-ietf-oauth-spop naming

2014-11-12 Thread John Bradley
Yes we would do that, but it is a WG document now so the authors shouldn't just do it on our own. On Nov 12, 2014, at 7:11 AM, Bill Mills wmills_92...@yahoo.com wrote: I don't actually care if we change the document tracking name from ...-oauth-spop as long as we change the name of the thing

Re: [OAUTH-WG] draft-ietf-oauth-spop naming

2014-11-12 Thread Nat Sakimura
Title change can wait till towards the end, I guess. Title change does not necessarily mean the filename change either, I suppose. The presso that I plan to use today is available here: http://www.slideshare.net/nat_sakimura/1112-spoppresso On Thu Nov 13 2014 at 2:18:48 John Bradley

Re: [OAUTH-WG] Fwd: draft-ietf-oauth-jwt-bearer draft errors

2014-11-12 Thread Kathleen Moriarty
Hi Brian, If you could make a quick update, that would be easier to prevent it from getting lost. The shepherd and I will recheck the draft and then I'll move it forward. Thanks for all of your work on this! Kathleen On Wed, Nov 12, 2014 at 12:05 PM, Brian Campbell bcampb...@pingidentity.com

[OAUTH-WG] Adding machine readable errors to SPOP?

2014-11-12 Thread Nat Sakimura
As discussed at F2F today at IETF 91 OAuth WG, there has been some request to have more fine-grained machine-readable error messages. Currently, it only returns the error defined in RFC6749 and any more details are supposed to be returned in error_description and error_uri. So, I came up with

Re: [OAUTH-WG] Adding machine readable errors to SPOP?

2014-11-12 Thread Mike Jones
Is S256_unsupported or algorithm_unsupported the better error description? I’m asking because I also expect that at some point in the approval process for this document you’ll be asked to support algorithm agility (for instance, being able to use SHA-3-256).

Re: [OAUTH-WG] Adding machine readable errors to SPOP?

2014-11-12 Thread Nat Sakimura
I've thought about that, and I thought we could just add the error message when we add new alg. e.g., when we add SHA-3-256, we can add SHA-3-256_unsupported. On Thu Nov 13 2014 at 5:56:38 Mike Jones michael.jo...@microsoft.com wrote: Is S256_unsupported or algorithm_unsupported the better

[OAUTH-WG] New Version Notification - draft-ietf-oauth-jwt-bearer-12.txt

2014-11-12 Thread internet-drafts
A new version (-12) has been submitted for draft-ietf-oauth-jwt-bearer: http://www.ietf.org/internet-drafts/draft-ietf-oauth-jwt-bearer-12.txt The IETF datatracker page for this Internet-Draft is: https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-bearer/ Diff from previous version:

[OAUTH-WG] I-D Action: draft-ietf-oauth-jwt-bearer-12.txt

2014-11-12 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol Working Group of the IETF. Title : JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants

[OAUTH-WG] I-D Action: draft-ietf-oauth-saml2-bearer-23.txt

2014-11-12 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol Working Group of the IETF. Title : SAML 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants Authors

Re: [OAUTH-WG] Fwd: draft-ietf-oauth-jwt-bearer draft errors

2014-11-12 Thread Brian Campbell
Sure thing, new drafts have just been posted. JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-bearer/ http://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-12 SAML 2.0 Profile for OAuth 2.0 Client

Re: [OAUTH-WG] Adding machine readable errors to SPOP?

2014-11-12 Thread Bill Mills
Let's not enumerate all possible failure paths as error messages. Simply putting unsupported_hash is best. The client then needs a way to discover allowed hashes. You could register something like supported_hashes to allow that to be returned. We really need to figure out if discovery will

[OAUTH-WG] I-D Action: draft-ietf-oauth-spop-03.txt

2014-11-12 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol Working Group of the IETF. Title : Symmetric Proof of Possession for the OAuth Authorization Code Grant Authors : Nat

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-spop-03.txt

2014-11-12 Thread John Bradley
This is the update with the flow diagram that we talked about in the meeting this morning. It was caught in the submission tool, and I just released it. John B. On Nov 12, 2014, at 3:32 PM, internet-dra...@ietf.org wrote: A New Internet-Draft is available from the on-line Internet-Drafts

[OAUTH-WG] I-D Action: draft-ietf-oauth-spop-04.txt

2014-11-12 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol Working Group of the IETF. Title : Symmetric Proof of Possession for the OAuth Authorization Code Grant Authors : Nat

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-spop-04.txt

2014-11-12 Thread Nat Sakimura
This is the update with the error message. After discussing with John this afternoon considering input during the F2F this morning as well as in the list, this level of granularity seems to be a sensible starting point. Nat On Wed, 12 Nov 2014 19:48:51 -0800 internet-dra...@ietf.org wrote:

[OAUTH-WG] I-D Action: draft-ietf-oauth-jwsreq-01.txt

2014-11-12 Thread internet-drafts
A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Web Authorization Protocol Working Group of the IETF. Title : Request by JWS ver.1.0 for OAuth 2.0 Authors : Nat Sakimura

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwsreq-01.txt

2014-11-12 Thread Nat Sakimura
This is just a copy edit. It is a very short spec, which gives you integrity for the request. It has been used in OpenID Connect. The real text is only 4 pages long. Please read and comment. Nat On Wed, 12 Nov 2014 20:07:29 -0800 internet-dra...@ietf.org wrote: A New Internet-Draft is