ture is not the same as in draft-sakimura-oauth-wmrm. Is that an omission or intentional?
Best regards,
Filip Skokan
On Wed, 10 Jan 2024 at 09:37, Karsten Meyer zu Selhausen | Hackmanit wrote:
Hello Filip,
our draft covers and is compatible with what's called "simple mode" (both with and
without prompt) in draft-sakimura-o
think it would be very helpful for implementers and developers
to specify a secure standard for a postMessage API-based response
mode.
Best regards,
Karsten
On 23.11.2023 10:11, Karsten Meyer zu Selhausen | Hackmanit wrote:
Hi everyone,
at the last OSW the topic of a response mode based on the postMessage
API came up. This approach is already used by multiple parties (e.g
However, there have not been any changes to its contents. What are the
plans of the authors for this draft?
Best regards
Karsten
--
Karsten Meyer zu Selhausen
Senior IT Security Consultant
Phone: +49 (0)234 / 54456499
Web: https://hackmanit.de | IT Security Consulting, Penetration Testing,
Secu
please contact the sender and delete the
material from your computer.
___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Evert
[1]: https://github.com/badgateway/oauth2-client
7.1-3.2.1>
The referenced draft has, however, expired:
https://www.ietf.org/archive/id/draft-bradley-oauth-jwt-encoded-state-09.txt
Ciao
Hannes
--
Yannick Majoros
Valuya sprl
hat stored information more
than the redirect_uri, both needing validation anyway?
Could be me, but I'm not seeing a solution for my problem yet.
On Tue, 7 Mar 2023 at 09:55, Karsten Meyer zu Selhausen wrote:
- In a context where all redirect URIs are under our control, how
is pas
--
Regards and Best Wishes
Jaimandeep Singh
LinkedIn <http://www.linkedin.com/in/jaimandeep-singh-07834b1b7>
internet-dra...@ietf.org:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol WG of the IETF.
Title : OAuth 2.0 Authorization Server Issuer Identification
Authors : Karsten Meyer
a consideration in the way that the rest of the section is.
; so section 6 should be deleted (if there were acks they
should go into an unnumbered section at the end of the document)
We added missing Acks and moved them to the appendix.
Kind regards,
Neil
--
https://danielfett.de
of the draft to
allow me to progress it?
Regards,
Rifaat
On Mon, Sep 6, 2021 at 6:50 AM Karsten Meyer zu Selhausen
<karsten.meyerzuselhau...@hackmanit.de> wrote:
Hi Rifaat,
thank you for the shepherd's review.
Those are valid comments. We will have a se
lready been filed.
Please, reply to this email on the mailing list and indicate if
you are aware of any IPRs associated with this document.
Regards,
Rifaat
Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol WG of the IETF.
Title : OAuth 2.0 Authorization Server Issuer Identification
Authors : Karsten Meyer zu Selhausen
no concerns.
Regards,
Rifaat & Hannes
On Thu, Apr 15, 2021 at 3:04 AM Karsten Meyer zu Selhausen
<karsten.meyerzuselhau...@hackmanit.de> wrote:
Hi all,
the latest version of the security BCP references
draft-ietf-oauth-iss-auth-resp-00 as
the WG if there are any comments on or concerns with
the current draft version.
Otherwise I hope we can move forward with the next steps and hopefully
finish the draft before/with the security BCP.
Best regards,
Karsten
in
Authorization Response
Authors : Karsten Meyer zu Selhausen
Daniel Fett
Filename: draft-ietf-oauth-iss-auth-resp-00.txt
Pages : 10
Date: 2021-01-06
Abstract:
This document specifies a new parameter "
aft-meyerzuselhausen-oauth-iss-auth-resp/>
Please, provide your feedback on the mailing list by Dec 22nd.
Regards,
Rifaat & Hannes
Subject: New Version Notification for
draft-meyerzuselhausen-oauth-iss-auth-resp-02.txt
Date: Tue, 17 Nov 2020 03:42:02 -0800
From: internet-dra...@ietf.org
To: Karsten zu Selhausen, Daniel Fett, Karsten Meyer zu Selhausen
A new version of I-D, draft-meyerzuselhausen-oauth-iss-auth
Sun, 01 Nov 2020 23:31:42 -0800
From: internet-dra...@ietf.org
To: Karsten Meyer zu Selhausen, Karsten zu Selhausen, Daniel Fett
A new version of I-D, draft-meyerzuselhausen-oauth-iss-auth-resp-01.txt
has been successfully submitted by Karsten Meyer zu Selhausen and posted
to
"mix-up" attacks.
The need for a proper specification of the "iss" parameter was discussed
in this thread:
https://mailarchive.ietf.org/arch/msg/oauth/DQR2ZXtGKfa-8UGtuPYyZoAaBIc/
Best regards,
Karsten
at 08:20, Karsten Meyer zu Selhausen
>> wrote:
>>
>> Hi all,
>>
>> I think we all agree that proper countermeasures of mix-up attacks should
>> definitely be part of the BCP and 2.1 due to the severe impact successful
>> mix-up attacks have.
ocument:
> https://www.ietf.org/id/draft-ietf-oauth-par-03.html
>
> Please, take a look and provide feedback on the list by *August 25th.*
>
> Regards,
> Rifaat & Hannes
>
>
authorization request to and bind this information to the user agent and
check that the authorization request was received from the correct
authorization server." -> "Clients MUST store the authorization server
they sent an authorization request to and bind this information to the
user a
in the BCP
(adding an AS identifier and the client_id of the intended recipient to
AS's responses) should be used to prevent Mix-Up attacks. If the
involved entities use the OIDC hybrid flow this countermeasure is
automatically applied.
Do we miss anything? Or what is your opinion about this?
B