A big thanks to the UMA team for this contribution. I am looking forward to the
presentation and discussion at the next IETF meeting.
Ciao
Hannes
From: OAuth On Behalf Of Eve Maler
Sent: Wednesday, 13 February 2019 23:01
To: oauth@ietf.org
Subject: [OAUTH-WG] New User-Managed Access (UMA) drafts
A short reminder to submit your paper and/or tutorial for the upcoming OAuth
Security workshop.
From: OAuth On Behalf Of Daniel Fett
Sent: Thursday, 7 February 2019 16:03
To: oauth@ietf.org
Subject: [OAUTH-WG] 4th OAuth Security Workshop - Registration now open!
All,
The registration for th
Hi all,
Since neither Rifaat nor I are available for the "OAuth WG Virtual Office
Hours" we unfortunately have to cancel the call.
Ciao
Hannes & Rifaat
IMPORTANT NOTICE: The contents of this email and any attachments are
confidential and may also be privileged. If you are not the intended reci
may feel
quite unnatural. It must have felt unnatural already to the group when working
on the token exchange spec…
Ciao
Hannes
From: George Fletcher
Sent: Thursday, 7 February 2019 17:06
To: Hannes Tschofenig ; Ludwig Seitz
; a...@ietf.org; oauth@ietf.org
Subject: Re: [Ace] [OAUTH-WG
token exchange
spec)”?
From: Filip Skokan
Sent: Thursday, 7 February 2019 16:38
To: Hannes Tschofenig
Cc: a...@ietf.org; oauth@ietf.org
Subject: Re: [OAUTH-WG] Resource, Audience, and req_aud
To add to that,
3. If a device uses HTTP Token Exchange it can use both resource and audience
protocol the information is exchanged.
Which route is better? I don't care.
Ciao
Hannes
-Original Message-
From: Ludwig Seitz
Sent: Thursday, 7 February 2019 16:29
To: Hannes Tschofenig ; a...@ietf.org; oauth@ietf.org
Subject: Re: [OAUTH-WG] [Ace] Shepherd write-up for
draft
Hi all,
after re-reading token exchange, the resource indicator, and the
ace-oauth-params drafts I am wondering whether it is really necessary to have
different functionality in ACE vs. in OAuth for basic parameters.
Imagine I use an Authorization Server and I support devices that use CoAP and
Hi George,
* I believe that since the latest draft of the resource indicators spec [1]
allows for abstract identifiers, and since a URN is also a URI, you could
easily use a URN syntax to accomplish the use case outlined in your email.
After re-reading the token exchange draft I realized t
Hi Ludwig,
> My interpretation of this is that "resource" refers to a single resource
No. Here is the text from token exchange (see last sentence):
resource
OPTIONAL. Indicates the location of the target service or
resource where the client intends to use the requested security
Hi all,
in https://mailarchive.ietf.org/arch/msg/oauth/KVzyK3ROQuuMWkZIZ5PqIM3ol8Y we
started a call for adoption and we only received positive feedback.
Hence, we have asked the draft authors (after discussion with the AD) to
re-submit it as draft-ietf-oauth-browser-based-apps-00 version.
Than
Rifaat noticed that the distributed Outlook calendar invite was incorrect.
Here is the corrected version.
Ciao
Hannes
-Original Message-
From: Hannes Tschofenig
Sent: Monday, 14 January 2019 18:24
To: oauth
Subject: Updated "OAuth WG Virtual Office Hours" Conference Brid
Hi all,
Please update your meeting invite for the "OAuth WG Virtual Office Hours"
conference call.
Ciao
Hannes & Rifaat
Hi all,
If you are planning to give a presentation at IETF#104 please drop us an email.
We started planning for the meeting already.
Ciao
Hannes & Rifaat
We implement the resource indicator as part of our Pelion Secure Device Access
(SDA) product.
Here is the link:
https://cloud.mbed.com/docs/v1.2/device-management/secure-device-access.html
From: OAuth On Behalf Of Rifaat Shekh-Yusef
Sent: Friday, 4 January 2019 16:39
To: oauth
Subject: [OAUTH
I am not aware of any IPRs regarding this document.
From: OAuth On Behalf Of Rifaat Shekh-Yusef
Sent: Friday, 4 January 2019 16:43
To: draft-ietf-oauth-resource-indicat...@ietf.org; oauth
Subject: [OAUTH-WG] Resource Indicators - IPR Disclosure
Authors,
As part of the write-up for the Resourc
From: David Waite
Sent: Tuesday, 18 December 2018 12:59
To: Hannes Tschofenig
Cc: oauth
Subject: Re: [OAUTH-WG] expires_in
My understanding was that this parameter was advisory to the client - it
neither mandated the client discard the token after the expires_in time, nor
has a requirement
Hi all,
In a recent email conversation on the IETF ACE mailing list Ludwig Seitz
suggested that the expires_in claim in an access token should actually be
mandatory.
Intuitively it feels like access tokens shouldn't have an unrestricted
lifetime. I am curious whether recommendations would be us
Hi all,
We would like to get a confirmation on the mailing list for the adoption of
https://tools.ietf.org/html/draft-parecki-oauth-browser-based-apps-02 as a
starting point for a BCP document about *OAuth 2.0 for Browser-Based Apps*.
Please, let us know if you support or object to the adoption
draft:
https://tools.ietf.org/html/draft-parecki-oauth-browser-based-apps-02
Ciao
Hannes & Rifaat
PS: We would like to remind you about the upcoming OAuth Security Workshop in
Stuttgart/Germany (March 20-22, 2019) where we will speak about the
above-mentioned topics and much more. H
I am happy to get corrected.
Ciao
Hannes
From: n-sakimura
Sent: Saturday, December 1, 2018 10:44 AM
To: Hannes Tschofenig ; Aaron Parecki
; Torsten Lodderstedt
Cc: Daniel Fett ; IETF oauth WG
Subject: Re: [OAUTH-WG] OAuth Security Topics -- Recommend authorization code
instead of implicit
document we should have been working on for a long time already.
Ciao
Hannes
From: Vittorio Bertocci
Sent: Monday, December 3, 2018 5:14 AM
To: Torsten Lodderstedt
Cc: Daniel Fett ; Hannes Tschofenig
; IETF oauth WG
Subject: Re: [OAUTH-WG] OAuth Security Topics -- Recommend authorization code
I share the concern Brian has, which is also the conclusion I came up with in
my other email sent a few minutes ago.
From: OAuth On Behalf Of Brian Campbell
Sent: Friday, November 30, 2018 11:43 PM
To: Torsten Lodderstedt
Cc: oauth
Subject: Re: [OAUTH-WG] draft-parecki-oauth-browser-based-apps
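> This e-mail may contain confidential information restricted to the intended recipient only. If you have received it in error, we apologize for the inconvenience; please notify the sender and delete the received e-mail.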
> >
> > PLEASE READ :This e-mail is confidential and intended for the named
> > recipient only.
> > If you are not an intended recipient, please noti
Hi all,
Token exchange registers the 'resource' parameter, at least to a large extent,
and draft-ietf-oauth-resource-indicators indicates this in the IANA
consideration section.
What isn't mentioned in draft-ietf-oauth-resource-indicators is that token
exchange also defines the audience parame
Hi all,
The authors of the OAuth Security Topics draft came to the conclusion that it
is not possible to adequately secure the implicit flow against token injection
since potential solutions like token binding or JARM are in an early stage of
adoption. For this reason, and since CORS allows bro
Here are the meeting minutes from the last IETF OAuth WG meeting from IETF#103:
https://datatracker.ietf.org/meeting/103/materials/minutes-103-oauth-00
Thanks to Chris & Mike for taking notes.
If you have comments, please let me know.
Ciao
Hannes
Hi all,
Today we were not able to talk about draft-parecki-oauth-browser-based-apps-00,
which describes "OAuth 2.0 for Browser-Based Apps".
Aaron put a few slides together, which can be found here:
https://datatracker.ietf.org/meeting/103/materials/slides-103-oauth-sessa-oauth-2-for-browser-bas
Hi all,
I refreshed the PoP key distribution document today, see
https://tools.ietf.org/html/draft-ietf-oauth-pop-key-distribution-04, in an
attempt to get the document in line with the agreements we made at the Montreal
IETF meeting, the Resource Indicators draft, and the work happening in ACE
Adding to the post from Rifaat: I will be at the Identity Identity Workshop and
happy to chat with you.
Ciao
Hannes
From: Rifaat Shekh-Yusef
Sent: Monday, October 22, 2018 7:57 AM
To: Hannes Tschofenig
Cc: oauth
Subject: Re: Meeting Invite for the OAuth WG Virtual Office Hours
Meeting is
Hi all,
Rifaat and I have a conflict today and cannot attend our OAuth Virtual Office
Hour call. Hence, we have to cancel it.
Ciao
Hannes
Hi all,
after several discussions we believe that we now have a proposal for moving
forward on this topic.
We plan to update the expired draft
and
(1) remove the audience parameter and replace it with a separately-specified
resource parameter,
(2) remove the alg parameter,
(3) update the proce
There are companies doing token introspection by the client already, see
https://backstage.forgerock.com/docs/am/6/oauth2-guide/#sec-standards
What security implications do you see?
From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Anthony Nadalin
Sent: 20 July 2018 10:07
To: Rifaat Shekh
I also support the adoption. I had been pushing for this work in OAuth for a
long time and now we also need it for the work in ACE as well.
From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Rifaat Shekh-Yusef
Sent: 19 July 2018 16:02
To: oauth
Subject: [OAUTH-WG] Call for adoption for "Res
Hi William,
that was the idea.
Ciao
Hannes
From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of William Denniss
Sent: 19 July 2018 16:32
To: Mike Jones
Cc: oauth
Subject: Re: [OAUTH-WG] Call for adoption for "Resource Indicators for OAuth
2.0"
Question: if this is adopted along with
https
Jones [mailto:michael.jo...@microsoft.com]
Sent: 19 July 2018 10:33
To: Rifaat Shekh-Yusef; Hannes Tschofenig
Cc: oauth@ietf.org
Subject: Request for adoption of draft-campbell-oauth-resource-indicators as a
working group document
https://tools.ietf.org/html/draft-campbell-oauth-resource-indicato
Hi Ben, Hi Ekr,
We tried to find an agreement of which group defines parameters needed for ACE
to support the PoP token functionality.
Unfortunately, we didn't manage to find an agreement in which group the work
should be done.
The ACE working group wants to start a working group last call on
Hi all,
Here is the shepherd write-up for draft-ietf-oauth-jwt-bcp-03:
https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-bcp/shepherdwriteup/
Feedback appreciated.
Ciao
Hannes
Hi Yaron, Dick, Mike,
Please confirm that any and all appropriate IPR disclosures required for full
conformance with the provisions of BCP 78 and BCP 79 have already been filed
for draft-ietf-oauth-jwt-bcp-03.
Ciao
Hannes
Hi all,
we have been working on an update for the draft-ietf-oauth-pop-key-distribution
document in time for the deadline but we noticed several issues that are
worthwhile to bring to your attention.
draft-ietf-oauth-pop-key-distribution defines a mechanism that allows the
client to talk to th
[mailto:l...@cisco.com]
Sent: 22 June 2018 07:02
To: Hannes Tschofenig; oauth@ietf.org
Cc: Laurence Lundblade; e...@ietf.org
Subject: Re: [OAUTH-WG] Standardizing Attestation Tokens
By the way, a lot *has* changed. If we can use the TEE to get signed
information out... if *it* is the attester, that
That’s a good question, Eliot. Let me put something together for the IETF
meeting
From: Eliot Lear [mailto:l...@cisco.com]
Sent: 21 June 2018 20:17
To: Hannes Tschofenig; oauth@ietf.org
Cc: Laurence Lundblade; e...@ietf.org
Subject: Re: [OAUTH-WG] Standardizing Attestation Tokens
Hi Hannes
Hi all,
I would like to make you aware of work that will be discussed on attestation on
the EAT mailing list. Here is the link to the list:
https://www.ietf.org/mailman/listinfo/eat
Here is a document describing the idea:
https://tools.ietf.org/html/draft-mandyam-eat-00
The work is relevant for
Rifaat was on the call for 30mins but nobody joined. I couldn’t make it due to
a delayed flight.
Write-ups are in progress.
Ciao
Hannes
From: Brian Campbell [mailto:bcampb...@pingidentity.com]
Sent: 18 June 2018 18:47
To: Hannes Tschofenig
Cc:
Subject: Re: [OAUTH-WG] Meeting Invite for the
Hi all,
Today is a public holiday in Canada and also in Austria. Hence, we have to skip
today's call. The next one is in 2 weeks.
For anything urgent, please drop us an email.
Ciao
Hannes & Rifaat
Hi Brock,
there have been several attempts to start writing some guidance but so far we
haven’t gotten too far.
IMHO it would be great to have a document.
Ciao
Hannes
From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Brock Allen
Sent: 17 May 2018 14:57
To: oauth@ietf.org
Subject: [OAUTH-
Hi all,
Rifaat and I will again dial into the Webex next Monday to hear whether someone
of you has anything to discuss/report/suggest/
Ciao
Hannes & Rifaat
Richer [mailto:jric...@mit.edu]
Sent: 07 May 2018 17:31
To: Hannes Tschofenig
Cc:
Subject: Re: [OAUTH-WG] Virtual Office Hours
I had this on my calendar but no call-in information, is this happening today?
— Justin
> On Apr 16, 2018, at 11:29 AM, Hannes Tschofenig
> wrote:
>
> Hi all
Rifaat and I are also OK with not having to organize a conference call on that
topic if you and the group think that no such meeting is necessary.
From: Dick Hardt [mailto:dick.ha...@gmail.com]
Sent: 18 April 2018 16:29
To: Hannes Tschofenig
Cc: n-sakimura; oauth
Subject: Re: [OAUTH-WG] Call for
Hardt [mailto:dick.ha...@gmail.com]
Sent: 18 April 2018 16:15
To: Hannes Tschofenig
Cc: n-sakimura; oauth
Subject: Re: [OAUTH-WG] Call for agenda items
F2F side/author meeting at Montreal
Ad hoc author meeting call prior
Unclear to me the value of a WG intern meeting
On Wed, Apr 18, 2018 at 3:59
e draft
agenda, but I'd like to add my support to keeping both sessions, there's always
a lot to discuss and in the past we've been able to use any spare time to
discuss the security topics of the day.
Regards,
William
On Tue, Jan 30, 2018 at 4:40 AM Hannes Tschofenig
Hi all,
this is a last call for comments on
https://tools.ietf.org/html/draft-ietf-oauth-jwt-bcp-01
Please have your comments in no later than April 30th.
Do remember to send a note in if you have read the document and have no other
comments other than "it's ready to go" - we need those as much
Hi all,
Rifaat and I had the idea to offer folks the possibility to discuss current
issues with us on a regular basis. Starting with Monday, May 7th we will dial
into a conference bridge at 8:30 PDT and stay on the bridge for 1 hour.
Everyone who has something to discuss with us can join and we
Hi all,
we had gotten positive feedback from the group on Reciprocal OAuth at the
virtual interim meeting earlier this year and also at the London IETF meeting.
We would therefore like to get a final confirmation on the mailing list for the
adoption of the *Reciprocal OAuth* as a WG document
ht
I could do that, if it helps.
From: Rifaat Shekh-Yusef [mailto:rifaat.i...@gmail.com]
Sent: 06 March 2018 16:23
To: Nat Sakimura
Cc: Hannes Tschofenig; William Denniss; oauth
Subject: Re: [OAUTH-WG] Call for agenda items
Nat,
During the interim meeting, 3 drafts mentioned in the context of
ndazione Bruno Kessler)
- Hannes Tschofenig (IETF OAuth Working Group Co-Chair)
Members
- Michael Jones (Microsoft)
- Ralf Kuesters (University of Stuttgart)
- Torsten Lodderstedt (YES Europe AG)
- Chris Mitchell (Royal Holloway, University of London)
- Anthony Nadalin (Microsoft)
- Nat Sakimura
field and they are repeated in the newly defined parameter.
Ciao
Hannes
-Original Message-
From: Dave Thaler [mailto:dtha...@microsoft.com]
Sent: 07 February 2018 17:27
To: Göran Selander; Hannes Tschofenig; OAuth@ietf.org
Cc: draft-ietf-core-object-secur...@ietf.org
Subject: RE: [OAUTH
[mailto:goran.selan...@ericsson.com]
Sent: 07 February 2018 15:37
To: Hannes Tschofenig; OAuth@ietf.org
Cc: draft-ietf-core-object-secur...@ietf.org
Subject: [OAUTH-WG] OSCORE
Hi Hannes, and all
Thanks for the announcement.
To be a little bit more precise, the statement is that a CoAP-mappable HTTP
Hi guys,
You may be interested to hear that a group of people working on Internet of
Things security believe they have found a solution to deal with the challenges
we had in protecting HTTP requests/responses.
Here is the draft:
https://tools.ietf.org/html/draft-ietf-core-object-security-07
(T
Hi all,
It is time already to think about the agenda for the next IETF meeting. Rifaat
and I were wondering whether we need one or two sessions. We would like to make
the decision based on the topics we will discuss. Below you can find a first
version of the agenda with a few remarks. Let us kn
We have extended the submission deadline to January 26 for our 3rd OAuth
Security workshop, which will take place in March the week before the IETF
meeting. More info about the workshop can be found here:
https://st.fbk.eu/osw2018
Please consider contributing your experience with OAuth-related
Hi Dick,
maybe you can re-submit the document with a new filename that matches
the updated title.
Ciao
Hannes
On 01/16/2018 03:39 PM, Dick Hardt wrote:
> I have made changes based on feedback on the call this morning. Updated
> version at:
Rifaat, do we have these links already?
https://developers.google.com/identity/protocols/OAuth2ForDevices
Some time ago we were also made aware of the work of the European Broadcasting
Union (EBU), see
https://tech.ebu.ch/groups/CPA
https://www.ietf.org/mail-archive/web/oauth/current/msg15969.htm
We ran a Doodle poll and that's the preferred time folks indicated. We cannot
do more than ask.
Ciao
Hannes
From: Mike Jones [mailto:michael.jo...@microsoft.com]
Sent: 05 January 2018 20:52
To: Hannes Tschofenig; oauth@ietf.org
Subject: RE: Webex details for upcoming OAuth interim mee
Hi all,
In the upcoming conference calls we will continue the conversation from the
Singapore IETF meeting where Dick presented his documents about mutual and
distributed OAuth.
There was a fair amount of interest in addressing the problems raised in the
two documents (namely
https://datatrack
Here is the webex info for the two upcoming OAuth interim meetings.
Ciao
Hannes & Rifaat
Below is a small typo: the virtual interim meeting is on 2018-01-15 from 14:00
to **15:00** Europe/Berlin.
-Original Message-
From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of IESG Secretary
Sent: 05 January 2018 16:02
To: IETF-Announce
Cc: oauth@ietf.org
Subject: [OAUTH-WG] Web Au
I am not aware of any IPRs.
From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Rifaat Shekh-Yusef
Sent: 04 January 2018 14:31
To: draft-ietf-oauth-device-flow.auth...@ietf.org; oauth
Subject: [OAUTH-WG] Device Flow - IPR Disclosure
Authors,
As part of the write-up for the Device Flow docum
esponsible for obtaining
appropriate publication clearances.
== Workshop Chair ==
- Silvio Ranise (Security & Trust, Fondazione Bruno Kessler)
== Program Committee ==
Chairs
- Roberto Carbone (Security & Trust, Fondazione Bruno Kessler)
- Hannes Tschofenig (IETF OAuth Working Gr
Hi all,
Here are the meeting minutes from the last IETF meeting in Singapore:
https://datatracker.ietf.org/doc/minutes-100-oauth/
Feedback welcome. Also note that some of you volunteered to review some drafts.
Thanks to Tony & Torsten for taking notes.
Ciao
Hannes & Rifaat
Hi all,
the first set of meeting notes are available for review at
https://datatracker.ietf.org/doc/minutes-99-oauth/00/
I will upload the second part asap.
Ciao
Hannes
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Hi all,
there will be a side meeting of the distributed internet infrastructure
group at IETF 99.
The agenda for the meeting (see
https://trac.ietf.org/trac/irtf/wiki/blockchain-federation) lists also
decentralized OAuth).
This meeting will take place on Monday, July 17, from 18:50 to 20:50 in
t
Hi all,
RFC 7800 defines how to communicate Proof of Possession (PoP) keys for
JSON Web Tokens (JWTs) [RFC 7519]. The CBOR Web Token (CWT)
draft-ietf-ace-cbor-web-token spec defines the CBOR/COSE equivalent of
the JSON/JOSE JWT spec.
The ACE working group is planning to also define a CBOR/COSE eq
Hi authors,
based on the feedback at the last IETF meeting and the response from the
mailing list there is good support for adopting this document.
Please submit a -00 version of the WG document as a starting point for
future work in the OAuth WG.
Ciao
Hannes & Rifaat
signature.asc
Descriptio
Sorry; this was the wrong email. I had sent a mail around to confirm the
call for adoption and it turns out that this email got lost somewhere
On 05/09/2017 03:32 PM, Hannes Tschofenig wrote:
> resending
>
>
> Forwarded Message
> Subject: Call for Adopt
resending
Forwarded Message
Subject: Call for Adoption: Mutual TLS Profiles for OAuth Clients
Date: Thu, 20 Apr 2017 18:32:55 +0200
From: Hannes Tschofenig
To: oauth@ietf.org
Hi all,
based on the strong support for this document at the Chicago IETF
meeting we are issuing a
Hi all,
based on the strong support for this document at the Chicago IETF
meeting we are issuing a call for adoption of the "Mutual TLS Profiles
for OAuth Clients" document, see
https://tools.ietf.org/html/draft-campbell-oauth-mtls-01
Please let us know by May 4th whether you accept / object to t
Hi all,
I met Manu after the OAuth meeting on Monday and he pointed me to his
work on HTTP signing, as described in this document:
https://tools.ietf.org/html/draft-cavage-http-signatures-06
I believe there is some synergy of work going on elsewhere in the IETF.
Since we have had challenges with
mentations
listed at http://openid.net/certification/ that implement metadata
compatible with the AS metadata specification.
(See the "Config OP" and "Config RP" columns.)
Microsoft and Google are using this specification in deployment.
Personnel
Who is the Document Shepherd
On 03/21/2017 06:39 PM, Kathleen Moriarty wrote:
> A big thank you to Derek for his work in OAuth and we hope to have his
> continued participation in the working group!
Big thanks to Derek for doing the job for such a long time. It has been
a pleasure to work with you!
Ciao
Hannes
Here is the latest snapshot of the agenda:
https://datatracker.ietf.org/doc/agenda-98-oauth/
Let me know if there are any changes needed.
Ciao
Hannes
Hi Mike
thanks for the quick response and for the wording suggestions.
Regarding the implementations, are OpenID Connect implementations
required to implement this functionality?
On 03/07/2017 07:58 PM, Mike Jones wrote:
> 1) Implementation & deployment status of the spec
>
> Microsoft has at le
Hi all,
here is the write-up:
https://github.com/hannestschofenig/tschofenig-ids/blob/master/shepherd-writeups/Writeup_OAuth_Metadata.txt
I need your feedback on the following issues:
1) Implementation & deployment status of the spec
2) Working group summary (see below)
(Particularly asking Phi
Hi John, Mike, Nat,
I am working on the shepherd writeup for the "OAuth 2.0 Authorization
Server Metadata" document:
https://tools.ietf.org/html/draft-ietf-oauth-discovery-05
One item in the template requires me to indicate whether each document
author has confirmed that any and all appropriate I
k on the Windows examples that are pointed to by the
> spec, since it's not a simple case on Windows
>
> -Original Message-
> From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Hannes Tschofenig
> Sent: Monday, March 6, 2017 8:00 AM
> To: oauth@ietf.org
> Su
Hi William, Hi John,
I just re-read version -8 of the document again.
Two minor remarks only.
Editorial issue: Why do you need to introduce a single sub-section
within Section 7.1. (namely Section 7.1.1)?
Background question: You note that embedded user agents have the
disadvantage that the app
Here is the shepherd write-up:
https://github.com/hannestschofenig/tschofenig-ids/blob/master/shepherd-writeups/Writeup_OAuth_NativeApps.txt
Feedback appreciated. I will also do another shepherd review.
Ciao
Hannes
ote:
> Per working group feedback, the document now reflects the singular mission of
> documenting OAuth Authorization Server Metadata as it is actually used in
> practice. I believe that the document today accomplishes this mission and is
> ready for publication.
>
>
nsistent with your expectation?
>
> kind regards,
> Torsten.
>
>> On 20.02.2017 at 12:02, Hannes Tschofenig wrote:
>>
>> Hi all,
>>
>> earlier this month we issued a call for adoption of the OAuth security
>> topics draft, see draft-lodderstedt-oauth-security
Hi all,
earlier this month we issued a call for adoption of the OAuth security
topics draft, see draft-lodderstedt-oauth-security-topics-00, and the
response was quite positive on the list (as well as during the last f2f
meeting).
For this reason, we ask the authors to submit a WG version of the
needed.
>>>
>>> --
>>> -jim
>>> Jim Willeke
>>>
>>> On Thu, Feb 2, 2017 at 4:33 PM, John Bradley
>>> mailto:ve7...@ve7jtb.com>> wrote:
>>>
>>> I am in favour
Hi all,
after the working group last call of the "OAuth 2.0 for Native Apps"
document July last year (see
https://www.ietf.org/mail-archive/web/oauth/current/msg16534.html) I
had, as a shepherd, collected IPR confirmations (see
https://www.ietf.org/mail-archive/web/oauth/current/msg16672.html) and
Hi all,
it was roughly a year ago when we issued a working group last call on
draft-ietf-oauth-discovery, see
https://www.ietf.org/mail-archive/web/oauth/current/msg15796.html. Lots
of feedback resulted in a significant restructuring of the document.
The authors of the draft now believe it is rea
Hi all,
this is the call for adoption of the 'OAuth Security Topics' document
following the positive call for adoption at the last IETF
meeting in Seoul.
Here is the document:
https://tools.ietf.org/html/draft-lodderstedt-oauth-security-topics-00
The intention with this document is to have a pla
Hi Denis
draft-campbell-oauth-resource-indicators gives the authorization server
information about the resource server the access token will be used with.
Without this information there is the risk that the access token is
replayed at other resource servers and with the proof-of-possession /
toke
session?
>
> I plan to publish the draft after the IETF submission tool has re-opened.
>
> best regards,
> Torsten.
>
> On 06.11.2016 at 12:42, Hannes Tschofenig wrote:
>> Hi all,
>>
>> here is a first draft of the agenda for the upcoming meeting:
>>
Hi all,
here is a first draft of the agenda for the upcoming meeting:
https://datatracker.ietf.org/doc/agenda-97-oauth/
Feedback welcome
Ciao
Hannes
Hi all,
the device flow document outlines the case when an OAuth interaction
gets "outsourced" to a separate device in order to allow user
authentication and collecting the consent.
The exchange is described in Section 1 of
https://tools.ietf.org/html/draft-ietf-oauth-device-flow-03.
Here is the
Hi all,
at the last IETF meeting we got lots of good feedback regarding the
device flow document. Here is the link to the device flow draft:
https://tools.ietf.org/html/draft-ietf-oauth-device-flow-03
Four main issues got captured in the minutes, namely
1) Alternative to polling
2) Missing securi
Hi all,
I need the feedback from the group on one of our working group items,
namely https://tools.ietf.org/html/draft-ietf-oauth-discovery-04
Despite the name (discovery) the document really only describes
configuration information about an authorization server in a machine
readable form, which