[OAUTH-WG] OAuth WG Virtual Office Hours cancelled

All, The OAuth WG Virtual Office Hours meeting is cancelled for today, because we have some issues with Webex and the meeting is in conflict with the IIW which is happening this week. Regards, Rifaat & Hannes ___ OAuth mailing list OAuth@ietf.org https

Re: [OAUTH-WG] OAuth WG Agenda @ IETF116

All, The IESG raised some concerns around the side meetings. For this reason, we are unfortunately *canceling* these meetings at this time, and we will discuss ways to address the IESG concerns in future meetings. Regards, Rifaat & Hannes On Tue, Mar 21, 2023 at 9:05 AM Rifaat Shekh-Y

Re: [OAUTH-WG] OAuth WG Agenda @ IETF116

gt; > -Daniel > Am 21.03.23 um 13:35 schrieb Rifaat Shekh-Yusef: > > > > *Tuesday * > Chairs update – Rifaat/Hannes (10 min) > > https://datatracker.ietf.org/meeting/116/materials/slides-116-oauth-chairs-update-01 > > SD-JWT – Kristina/Daniel – (20 min) > https://datatrac

[OAUTH-WG] OAuth WG Agenda @ IETF116

*Tuesday* Chairs update – Rifaat/Hannes (10 min) https://datatracker.ietf.org/meeting/116/materials/slides-116-oauth-chairs-update-01 SD-JWT – Kristina/Daniel – (20 min) https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/ Browser-based Apps – Aaron (20 min) https://datatra

Re: [OAUTH-WG] Draft OAuth WG Agenda @ Yokohama

other patterns that we can look at to address the >> concerns in terms of performance penalty? >> (b) Is there a need to provide clear guidelines on how to restore the >> previous state of the client application to ensure a seamless user >> experience in upcoming RFCs? &

Re: [OAUTH-WG] Draft OAuth WG Agenda @ Yokohama

m can be added to discuss > the use of the "state" parameter design pattern for preserving the current > state and the impact it may have on performance of the oauth. > > Regards > Jaimandeep Singh > > On Wed, 15 Mar, 2023, 7:34 pm Rifaat Shekh-Yusef, > wrote: > &

[OAUTH-WG] Draft OAuth WG Agenda @ Yokohama

All, The following is the agenda for the official two sessions scheduled for the OAuth WG: *Tuesday* - *Chairs update –* Rifaat/Hannes (10 min) - *SD-JWT *– Kristina/Daniel – (20 min) - *Browser-based Apps* – Aaron (20 min) - *OAuth 2.1* – Aaron (20 min) - *Client/Trust Management

Re: [OAUTH-WG] IETF 116 Preliminary Agenda

We have also scheduled two *side meetings *on Wednesday and Thursday, 10:00-11:30 at G301 room. Regards, Rifaat On Fri, Feb 24, 2023 at 6:01 PM Rifaat Shekh-Yusef wrote: > Based on the preliminary agenda, we have two official sessions: > *Tuesday *and *Friday*, both at *9:30

[OAUTH-WG] Fwd: IETF 116 Preliminary Agenda

Based on the preliminary agenda, we have two official sessions: *Tuesday *and *Friday*, both at *9:30-11:30*. Regards, Rifaat -- Forwarded message - From: IETF Agenda Date: Fri, Feb 24, 2023 at 5:50 PM Subject: IETF 116 Preliminary Agenda To: IETF Announcement List Cc: , <116.

Re: [OAUTH-WG] IETF-116: Client/Trust Management

Hi Torsten, Sounds good. I will add this topic to the list. Regards, Rifaat On Tue, Jan 31, 2023 at 11:18 AM Torsten Lodderstedt < tors...@lodderstedt.net> wrote: > Hi Rifaat, > > Kristina and I would like to give an update to the WG about challenges and > developments on client/trust managem

Re: [OAUTH-WG] OAUTH for Web Proxy authentication

Hi Markus, As Goerge mentioned, there is no such document that covers this. What use case(s) do you have in mind for this? Regards, Rifaat On Sat, Jan 28, 2023 at 7:50 PM Markus wrote: > Thank you. > > Regards > Markus > *From:* George Fletcher > *Sent:* Saturday, January 28, 2023 1:43 PM >

Re: [OAUTH-WG] OAuth 2.0 Protected Resource Metadata

I added both to the list of topics to discuss in Yokohama. Let's have that discussion first, before calling for any adoption. Regards, Rifaat & Hannes On Sat, Jan 28, 2023 at 8:35 PM Aaron Parecki wrote: > There is significant overlap between this draft and the concepts brought > to the OAuth

Re: [OAUTH-WG] Implementations - OAuth 2.0 Step-up Authentication Challenge Protocol

een added for v6.3.0 being released this summer. >> >> https://duendesoftware.com/ >> <https://urldefense.com/v3/__https://duendesoftware.com/__;!!PwKahg!_QqcL9hmzoBR8DK13nAEH18tSGzXNWCtB-fwB994SSlW5a9xTT07XjbAovAQZ6R6ywOpY_LdQCFxbnCkRFA$> >> >> Thanks. >> >> &

[OAUTH-WG] Publication has been requested for draft-ietf-oauth-step-up-authn-challenge-08

Rifaat Shekh-Yusef has requested publication of draft-ietf-oauth-step-up-authn-challenge-08 as Proposed Standard on behalf of the OAUTH working group. Please verify the document's state at https://datatracker.ietf.org/doc/draft-ietf-oauth-step-up-authn-chal

[OAUTH-WG] OAuth WG Virtual Office Hours is cancelled for today

All, Because of the holidays, the OAuth WG Virtual Office Hours is cancelled for today. Happy holidays! Regards, Rifaat & Hannes ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth

[OAUTH-WG] JWT Embedded Tokens

All, Dick, Giuseppe, and I submitted a new version of JWT Embedded Tokens (previously known as Multi-Subject JWT). https://www.ietf.org/archive/id/draft-yusef-oauth-nested-jwt-06.html We would appreciate any feedback on this document. Regards, Rifaat (as individual)

Re: [OAUTH-WG] Implementations - OAuth 2.0 Step-up Authentication Challenge Protocol

website that explains the specification > in detail with many diagrams. > > OAuth 2.0 Step-up Authentication Challenge Protocol > https://www.authlete.com/developers/stepup_authn/ > > Best Regards, > Takahiko Kawasaki > > > On Tue, Dec 20, 2022 at 10:15 PM Rifaat S

Re: [OAUTH-WG] Implementations - OAuth 2.0 Step-up Authentication Challenge Protocol

tes the max_age and acr_values parameters at the authorization endpoint. > > > > On Tue, Dec 20, 2022 at 6:44 AM Rifaat Shekh-Yusef < > rifaat.s.i...@gmail.com> wrote: > >> Thanks Brian! >> >> Any links to public documents that cover this that you could s

Re: [OAUTH-WG] Implementations - OAuth 2.0 Step-up Authentication Challenge Protocol

> > On Tue, Dec 20, 2022 at 6:16 AM Rifaat Shekh-Yusef < > rifaat.s.i...@gmail.com> wrote: > >> All, >> >> As part of the shepherd write-up for the OAuth 2.0 Step-up Authentication >> Challenge Protocol document, >> we are looking for informati

[OAUTH-WG] Implementations - OAuth 2.0 Step-up Authentication Challenge Protocol

All, As part of the shepherd write-up for the OAuth 2.0 Step-up Authentication Challenge Protocol document, we are looking for information about implementations of this draft. https://www.ietf.org/archive/id/draft-ietf-oauth-step-up-authn-challenge-08.html Please, reply to this email, on the mai

[OAUTH-WG] IPR Disclosure - OAuth 2.0 Step-up Authentication Challenge Protocol

Authors, As part of the shepherd write-up, all authors of OAuth 2.0 Step-up Authentication Challenge Protocol must confirm that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have been filed. https://www.ietf.org/archive/id/draft-iet

Re: [OAUTH-WG] Step-up Authentication Shepherd Review

ttempt at a reply is > below. > > No worries :) > On Sun, Dec 18, 2022 at 1:42 PM Rifaat Shekh-Yusef < > rifaat.s.i...@gmail.com> wrote: > >> >> On Fri, Dec 16, 2022 at 5:50 PM Brian Campbell < >> bcampb...@pingidentity.com> wrote: >> >>> &

Re: [OAUTH-WG] Step-up Authentication Shepherd Review

On Fri, Dec 16, 2022 at 5:50 PM Brian Campbell wrote: > Thanks for the review and shepherding Rifaat, > > Please see inline below where I've endeavored to reply to your comments. A > -07 draft with the respective changes is forthcoming. > > > On Tue, Dec 13, 2022 at

[OAUTH-WG] Step-up Authentication Shepherd Review

Vittorio, Brian, The following is my document shepherd review for the step-up authentication document: https://www.ietf.org/archive/id/draft-ietf-oauth-step-up-authn-challenge-06.html *Comments* * Section 4, first sentence: You might have a reason for using MAY, instead of SHOULD, but it is n

Re: [OAUTH-WG] Call for adoption: Cross-Device Flows

niel Fett wrote: > I support adoption of this document. > > -Daniel > Am 15.11.22 um 15:43 schrieb Rifaat Shekh-Yusef: > > All, > > During the IETF meeting last week, there was a strong support for > the adoption of the following document as a WG document: > http

Re: [OAUTH-WG] Tuesday side meeting agenda

/slides-115-oauth-identity-chaining-using-oauth-token-exchange Regards, Rifaat On Wed, Nov 16, 2022 at 2:37 AM Kai Lehmann wrote: > Hi Rifaat, > > > > the ones regarding the Fine Grained Authorization discussion. > > > > Regards, > > Kai > > > >

[OAUTH-WG] OAuth WG Virtual Office Hours is cancelled for today

All, Hannes and I have a conflict today, and we will not be able to host the OAuth WG Virtual Office Hours meeting. Regards, Rifaat ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Tuesday side meeting agenda

t; Thanks, > > Kai > > > > > > *From: *OAuth on behalf of Rifaat Shekh-Yusef < > rifaat.s.i...@gmail.com> > *Date: *Tuesday, 15. November 2022 at 00:44 > *To: *Dmitry Telegin > *Cc: *oauth > *Subject: *Re: [OAUTH-WG] Tuesday side meeting agenda

[OAUTH-WG] NomCom: Selecting IETF Leadership

All, The NomCom is tasked with selecting the IETF leadership, like the IESG and the IAB. For the NomCom to be able to make an informed decision, they need feedback from the wider IETF community. Please, allocate some time to provide feedback on people that you interacted with to help the NomCom w

[OAUTH-WG] Call for adoption: Cross-Device Flows

All, During the IETF meeting last week, there was a strong support for the adoption of the following document as a WG document: https://datatracker.ietf.org/doc/draft-kasselman-cross-device-security/ This is to start a call for adoption for this document. Please, provide your feedback on the mail

Re: [OAUTH-WG] DPoP - Impementations

ies: > - JavaScript: https://github.com/inrupt/solid-client-authn-js/ > - Java: https://github.com/janeirodigital/sai-authentication-java > > Thanks! > Dmitry > > On Wed, Aug 10, 2022 at 10:39 PM Rifaat Shekh-Yusef < > rifaat.s.i...@gmail.com> wrote: > > > &g

Re: [OAUTH-WG] Tuesday side meeting agenda

ks, > Dmitry > > On Tue, Nov 8, 2022 at 11:16 AM Rifaat Shekh-Yusef < > rifaat.s.i...@gmail.com> wrote: > >> The side meeting is at 2:00pm at Richmond 6. >> >> Regards, >> Rifaat >> >> >> On Tue, Nov 8, 2022 at 10:14 AM Rifaat Shekh-Yuse

Re: [OAUTH-WG] Tuesday side meeting agenda

The side meeting is at 2:00pm at Richmond 6. Regards, Rifaat On Tue, Nov 8, 2022 at 10:14 AM Rifaat Shekh-Yusef wrote: > All, > > The agenda for today's side meeting is the following: > 1. WG Github, OAuth 2.1/Browser-based App - 30 minutes > 2. DPoP - AD and FAPI f

[OAUTH-WG] Tuesday side meeting agenda

All, The agenda for today's side meeting is the following: 1. WG Github, OAuth 2.1/Browser-based App - 30 minutes 2. DPoP - AD and FAPI feedback - 30 minutes We only have 1 hour today because of a conflict with the COSE WG. Regards, Rifaat ___ OAuth m

[OAUTH-WG] OAuth WG Agenda @ IETF115

All, Here is our agenda for the two official sessions in London next week: Monday Nov 7th == Chairs Update - Rifaat/Hannes - 15 minutes Browser-based apps and OAuth 2.1- Aaron - 30 minutes SD-JWT - Daniel - 30 Step-up Authentication - Brian - 15 Interactive Authentication of Non-I

Re: [OAUTH-WG] WGLC for Step-up Authentication

gt;>>>>>>>> >>>>>>>>>>> Item No 4: How much “Freshness” is fresh? >>>>>>>>>>> >>>>>>>>>>> Explanation. The use of the word “Freshness” is not quantified >>>>>>>>>>> and does not convey any

Re: [OAUTH-WG] OAuth WG Sessions @ IETF115

Oct 18, 2022 at 5:06 AM Rifaat Shekh-Yusef wrote: > All, > > We have two official sessions: > >- Monday at 9:30am >- Wednesday at 1:00pm > > > We also have two side sessions: > >- Tuesday at 2:00pm >- Thursday at 1

[OAUTH-WG] OAuth WG Sessions @ IETF115

All, We have two official sessions: - Monday at 9:30am - Wednesday at 1:00pm We also have two side sessions: - Tuesday at 2:00pm - Thursday at 10:00am Regards, Rifaat & Hannes ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/

[OAUTH-WG] OAuth WG Virtual Office Hours cancelled this week

All, Hannes and I are both traveling this week, and cannot host the OAuth WG virtual office hours meeting. Regards, Rifaat ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth

[OAUTH-WG] Fwd: IETF 115 Preliminary Agenda

We have two official sessions: the first one is *Monday morning *and the second one is *Wednesday afternoon*. Regards, Rifaat -- Forwarded message - From: IETF Agenda Date: Fri, Oct 7, 2022 at 5:49 PM Subject: IETF 115 Preliminary Agenda To: Working Group Chairs IETF 115 Lo

Re: [OAUTH-WG] WGLC for Step-up Authentication

*Correction:* Please, review the document and provide your feedback on the mailing list by *Oct 7th, 2022*. On Thu, Sep 22, 2022 at 9:52 AM Rifaat Shekh-Yusef wrote: > All, > > This is to start a *WG Last Call *for the *Step-up Authentication * > document: > > https://www.i

[OAUTH-WG] WGLC for Step-up Authentication

All, This is to start a *WG Last Call *for the *Step-up Authentication *document: https://www.ietf.org/archive/id/draft-ietf-oauth-step-up-authn-challenge-03.html Please, review the document and provide your feedback on the mailing list by *Sep 30th, 2022*. Regards, Rifaat & Hannes

Re: [OAUTH-WG] DPoP - Impementations

litaseurope.com > 0032 483 59 24 15 > > *Agilitas Europe SRL* > *Rue Wiertz 4* > *1050 Bruxelles* > > > Il giorno ven 12 ago 2022 alle ore 14:15 Rifaat Shekh-Yusef < > rifaat.s.i...@gmail.com> ha scritto: > >> Thank you all for these implementation details!

Re: [OAUTH-WG] DPoP - Impementations

Thanks Itai! I have updated the shepherd write-up to include this implementation. Regards, Rifaat On Sun, Aug 14, 2022 at 12:55 PM Itai Zilbershtein wrote: > Hi Rifaat, > > > > Synamedia has implemented DPoP in OTT ServiceGuard > - Advanc

Re: [OAUTH-WG] Call for adoption - SD-JWT

tant >> extension to JWT which is a product of this WG and meets some of the >> use-cases that we left out years ago with relatively simple cryptographic >> techniques. >> >> On Fri, Jul 29, 2022 at 9:17 AM Rifaat Shekh-Yusef < >> rifaat.s.i...@gmail.com

Re: [OAUTH-WG] DPoP - Impementations

> https://connect2id.com/products/nimbus-oauth-openid-connect-sdk/examples/oauth/dpop > > In the c2id server: > > https://connect2id.com/products/server/docs/datasheet#dpop > > Vladimir Dzhuvinov > > On 11/08/2022 00:39, Rifaat Shekh-Yusef wrote: > > All, > > A

[OAUTH-WG] Publication has been requested for draft-ietf-oauth-dpop-11

Rifaat Shekh-Yusef has requested publication of draft-ietf-oauth-dpop-11 as Proposed Standard on behalf of the OAUTH working group. Please verify the document's state at https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/ ___ OAuth mailing

[OAUTH-WG] DPoP - Impementations

All, As part of the shepherd write-up for the *DPoP* document, we are looking for information about implementations of this draft. https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/ Please, reply to this email on the mailing list with any implementations that you are aware of to support this

[OAUTH-WG] DPoP - IPR Disclosure

Daniel, Brian, John, Torsten, Mike, and David, As part of the shepherd write-up for the *DPoP* document, there is a need for an IPR disclosure from the authors. https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/ Are you aware of any IPRs associated with this document? Regards, Rifaat & Han

Re: [OAUTH-WG] DPoP - Document Shepherd Review

#1. >>> >>> The slides that I used to try and help guide the discussions are >>> attached. They are admittedly rather suboptimal but I'm including them for >>> the sake of transparency (and because they have a couple of photos). >>> >>> >>&

[OAUTH-WG] Call for adoption - SD-JWT

All, This is a call for adoption for the *SD-JWT* document https://datatracker.ietf.org/doc/draft-fett-oauth-selective-disclosure-jwt/ Please, provide your feedback on the mailing list by *August 12th*. Regards, Rifaat & Hannes ___ OAuth mailing list

Re: [OAUTH-WG] DPoP - Document Shepherd Review

being overly vibrant at times > > > > > On Wed, Jul 6, 2022 at 4:32 PM Brian Campbell > wrote: > >> Thanks Rifaat! >> I will make those changes in the document source and come to Philly >> prepared to discuss the other items. One of the side meetings seems like

[OAUTH-WG] Meetecho for side meetings

All, We will be using Meetecho for today's and tomorrow's meeting. Hopefully that will help make the remote experience better than yesterday. Wed: https://meetings.conf.meetecho.com/interim/?short=4558043e-bafb-4746-9a87-3e5af7486bca Thu: https://meetings.conf.meetecho.com/interim/?short=82e0d98

Re: [OAUTH-WG] [Technical Errata Reported] RFC9126 (6711)

+ Roman and Paul On Mon, Jul 18, 2022 at 12:25 PM Brian Campbell wrote: > I believe this should be verified. I'm also the one that reported it > though. But it's been sitting in reported status for a while now. > > On Fri, Oct 15, 2021 at 1:38 PM RFC Errata System < > rfc-edi...@rfc-editor.org>

[OAUTH-WG] OAuth WG Agenda @ IETF114

All, We have one *scheduled session *on *Monday *at* 10:00-12:00.* Here is the full IETF114 agenda: https://datatracker.ietf.org/meeting/114/agenda/ We also have *3 side sessions* as follows: *Tuesday* at *10:00-11:30* *Wednesday* at *10:00-11:30* *Thursday* at* 2:00-3:30* Here is the list of al

Re: [OAUTH-WG] SD-JWT - New version - Call for adoption?

Just to be clear, the chairs agree that the OAuth WG is the right place to discuss this. Regards, Rifaat & Hannes On Mon, Jul 11, 2022 at 12:58 PM Rifaat Shekh-Yusef wrote: > Thanks Daniel! > > Hannes and I discuss this. > Let's have this document first presented an

Re: [OAUTH-WG] SD-JWT - New version - Call for adoption?

Thanks Daniel! Hannes and I discuss this. Let's have this document first presented and discussed in Philly, which is two weeks from now, before making an adoption call. Regards, Rifaat & Hannes On Mon, Jul 11, 2022 at 12:42 PM Daniel Fett wrote: > Hi all, > > Kristina and I have just uploaded

Re: [OAUTH-WG] DPoP - Document Shepherd Review

at 11:55 AM Rifaat Shekh-Yusef < > rifaat.s.i...@gmail.com> wrote: > >> The following is my review as a document shepherd: >> >> Section 4.3 >> >> Last sentence >> >> Since the document uses “SHOULD”, this implies that there are some valid >>

Re: [OAUTH-WG] New OAuth2 library for javascript/typescript

Thanks for sharing, Evert! Regards, Rifaat On Tue, Jun 21, 2022 at 2:19 PM Evert Pot wrote: > I hope this is not inappropriate for this list, but I wrote a new OAuth2 > library for JS/TS: > > https://github.com/badgateway/oauth2-client > > Some highlights: > > * 3KB compressed / 0 dependencies

Re: [OAUTH-WG] Multi-Subject JWT draft

enabling access. And perhaps we are taking some inspiration from that, the > trouble is here, we would need the JWT to contain both (all) signatures not > just the audit trail to be of value. > > So I would recommend we scope the draft to either solve *multi-party* > problems (which is

Re: [OAUTH-WG] Multi-Subject JWT draft

Yes to both questions. On Tue, Jun 14, 2022 at 2:22 PM Warren Parad wrote: > Is it helpful to challenge this implementation? (and is this email thread > the right place to do it?) > > On Tue, Jun 14, 2022 at 5:27 PM Rifaat Shekh-Yusef < > rifaat.s.i...@gmail.com> wrote: &g

Re: [OAUTH-WG] Multi-Subject JWT draft

Or maybe we want to talk about the value: > >- Delegating Authorization using Nested Subject Claims in JWTs > > > > On Tue, Jun 14, 2022 at 5:05 PM Rifaat Shekh-Yusef < > rifaat.s.i...@gmail.com> wrote: > >> Hi Dick, >> >> The initial scope of th

Re: [OAUTH-WG] Multi-Subject JWT draft

it would be an array of > identifiers. "aka" => Also Known As > > /Dick > > On Tue, Jun 14, 2022 at 5:25 AM Rifaat Shekh-Yusef < > rifaat.s.i...@gmail.com> wrote: > >> I have just submitted an updated version of the *Multi-Subject JWT* >> draf

[OAUTH-WG] Multi-Subject JWT draft

I have just submitted an updated version of the *Multi-Subject JWT* draft (formerly known as Nested JWT) with more details. I would appreciate any reviews and feedback on this version. https://datatracker.ietf.org/doc/html/draft-yusef-oauth-nested-jwt Regards, Rifaat _

[OAUTH-WG] DPoP - Document Shepherd Review

The following is my review as a document shepherd: Section 4.3 Last sentence Since the document uses “SHOULD”, this implies that there are some valid cases where this is not needed. Should a text be added to explain when this is not needed? Section 6.1 1. First sentence - what is the r

Re: [OAUTH-WG] Last Call: (JWK Thumbprint URI) to Proposed Standard

s not have the > specified hash value. My interpretation would be that these behaviors go > against the spirit of RFC 6920. > > -DW > > On May 6, 2022, at 6:27 AM, Rifaat Shekh-Yusef > wrote: > > Mike, > > RFC6920 defines an optional query parameter, in section 3: >

Re: [OAUTH-WG] Last Call: (JWK Thumbprint URI) to Proposed Standard

my lawn” provisions of > https://datatracker.ietf.org/doc/html/rfc7320. > > > > For several reasons, I believe we’re better off staying with the syntax we > have. > > > >Best wishes, > >

Re: [OAUTH-WG] Call for adoption - Step-up Authentication

; > > *From:* OAuth *On Behalf Of * Vladimir Dzhuvinov > *Sent:* Monday, May 2, 2022 5:30 PM > *To:* oauth@ietf.org > *Subject:* Re: [OAUTH-WG] Call for adoption - Step-up Authentication > > > > +1 for adoption > > Vladimir Dzhuvinov > > On 26/04/2022 13:46,

Re: [OAUTH-WG] Last Call: (JWK Thumbprint URI) to Proposed Standard

Mike, RFC6920 defines an optional query parameter, in section 3: https://www.rfc-editor.org/rfc/rfc6920.html#section-3 I guess you could have added a query parameter to add that specificity. Regards, Rifaat On Tue, May 3, 2022 at 10:04 AM Mike Jones wrote: > Hi James. Thanks for your revie

[OAUTH-WG] Call for adoption - Step-up Authentication

This is a call for adoption for the *Step-up Authentication* document https://datatracker.ietf.org/doc/draft-bertocci-oauth-step-up-authn-challenge/ Please, provide your feedback on the mailing list by *May 10th*. Regards, Rifaat & Hannes ___ OAuth mai

Re: [OAUTH-WG] Security BCP Review

On Mon, Apr 11, 2022 at 11:13 AM Daniel Fett wrote: > Hi Rifaat, > Am 14.02.22 um 22:26 schrieb Rifaat Shekh-Yusef: > > As part of the preparation for the shepherd write-up, I reviewed the > document and have the following comments: > > https://www.ietf.org/archive/id/draf

[OAUTH-WG] Publication has been requested for draft-ietf-oauth-jwk-thumbprint-uri-01

Rifaat Shekh-Yusef has requested publication of draft-ietf-oauth-jwk-thumbprint-uri-01 as Proposed Standard on behalf of the OAUTH working group. Please verify the document's state at https://datatracker.ietf.org/doc/draft-ietf-oauth-jwk-thumbprin

Re: [OAUTH-WG] JWK Thumbprint URI - Implementations

tation. > > > >-- Mike > > > > *From:* OAuth *On Behalf Of * Rifaat Shekh-Yusef > *Sent:* Friday, April 1, 2022 4:42 AM > *To:* oauth > *Subject:* [OAUTH-WG] JWK Thumbprint URI - Implementations > > > > All, > > > > As part of the shepherd write

[OAUTH-WG] JWK Thumbprint URI - Implementations

All, As part of the shepherd write-up for the *JWK Thumbprint URI* document, we are looking for information about implementations of this draft. Please, reply to this email on the mailing list with any implementations that you are aware of to support this document. Regards, Rifaat & Hannes _

[OAUTH-WG] JWK Thumbprint URI - IPR Disclosure

Mike, Kristina, As part of the shepherd write-up for the *JWK Thumbprint URI* document, there is a need for an IPR disclosure from the authors. Are you aware of any IPRs associated with this document? Regards, Rifaat & Hannes ___ OAuth mailing list OAu

[OAUTH-WG] WGLC for DPoP Document

All, As discussed during the IETF meeting in *Vienna* last week, this is a *WG Last Call *for the *DPoP* document: https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/ Please, provide your feedback on the mailing list by April 11th. Regards, Rifaat & Hannes __

Re: [OAUTH-WG] OAuth WG Agenda @ IETF113

All, For people in Vienna that are interested in the side meetings, both are at the *Grand Klimt Hall 3*. Regards, Rifaat On Fri, Mar 11, 2022 at 4:15 PM Rifaat Shekh-Yusef wrote: > All, > > The OAuth WG has two offical sessions > 1. *Monday* at 2:30-4:30 pm Vienna time > 2.

[OAUTH-WG] OAuth WG Agenda @ IETF113

All, The OAuth WG has two offical sessions 1. *Monday* at 2:30-4:30 pm Vienna time 2. *Thursday* at 2:30-4:30 Vienna time We also have two side meetings available for in-person attendees: 1. *Tuesday* at 2:00-3:30 pm Vienna time 2. *Wednesday* at 6:00-7:30 pm Vienna time *Monday's agenda:* 1.

Re: [OAUTH-WG] Second WGLC for JWK Thumbprint URI document

wrote: > > I support publication. > > -- Original Message ------ > From: "Rifaat Shekh-Yusef" > To: "oauth" > Sent: 2/21/2022 10:12:00 AM > Subject: [OAUTH-WG] Second WGLC for JWK Thumbprint URI document > > All, > > Mike and Kristina ma

[OAUTH-WG] Fwd: IETF 113 Final Agenda

-- Forwarded message -- From: *IETF Agenda* Date: Friday, February 25, 2022 Subject: IETF 113 Final Agenda To: Working Group Chairs IETF 113 Vienna, Austria March 19-25, 2022 Hosted By: Huawei The IETF 113 Final Agenda is now available. At this point, only Area Directors may su

Re: [OAUTH-WG] Second WGLC for JWK Thumbprint URI document

istake). > > — Neil > > On 23 Feb 2022, at 08:59, Vladimir Dzhuvinov > wrote: > > +1 in support for publication. > > The Nimbus JWT lib was recently updated to match the 01 spec with the hash > alg in the URN. > > Vladimir Dzhuvinov > > On 21/02/2022 15:12, Rifaat S

[OAUTH-WG] Second WGLC for JWK Thumbprint URI document

All, Mike and Kristina made the necessary changes to address all the great comments received during the initial WGLC. This is a *second* WG Last Call for this document to make sure that the WG has a chance to review these changes: https://www.ietf.org/archive/id/draft-ietf-oauth-jwk-thumbprint-ur

[OAUTH-WG] Preliminary Meeting Agenda

As per the *preliminary* meeting agenda, we will be meeting on *Monday* and *Thursday *at *14:30-16:30* pm *Vienna* time. https://datatracker.ietf.org/meeting/113/agenda/ Regards, Rifaat ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman

[OAUTH-WG] Security BCP Review

As part of the preparation for the shepherd write-up, I reviewed the document and have the following comments: https://www.ietf.org/archive/id/draft-ietf-oauth-security-topics-19.html General comment The document refers to a number of drafts that are not active anymore, e.g., token binding, pop

[OAUTH-WG] Fwd: Day structure for IETF 113

-- Forwarded message - From: IETF Chair Date: Thu, Feb 10, 2022 at 11:32 AM Subject: Day structure for IETF 113 To: <113attend...@ietf.org>, <113...@ietf.org> Cc: IETF WG Chairs Hi, the IESG has decided on the following day structure for IETF 113 (all times in local time Vienna

[OAUTH-WG] WGLC for JWK Thumbprint URI document

All, The *JWK Thumbprint URI *document is a simple and straightforward specification. This is a WG Last Call for this document: https://www.ietf.org/archive/id/draft-ietf-oauth-jwk-thumbprint-uri-00.html Please, provide your feedback on the mailing list by *Feb 16th*. Regards, Rifaat & Hannes

Re: [OAUTH-WG] [EXTERNAL] Re: Call for adoption - JWK Thumbprint URI

port adoption. > > > > *From:* OAuth *On Behalf Of *George Fletcher > *Sent:* Friday 21 January 2022 21:22 > *To:* Rifaat Shekh-Yusef ; oauth > *Subject:* [EXTERNAL] Re: [OAUTH-WG] Call for adoption - JWK Thumbprint > URI > > > > +1 for adoption > >

[OAUTH-WG] Call for adoption - JWK Thumbprint URI

All, This is a call for adoption for the *JWK Thumbprint URI* draft: https://datatracker.ietf.org/doc/draft-jones-oauth-jwk-thumbprint-uri/ Please, provide your feedback on the mailing list by *Jan 27th*. Regards, Rifaat & Hannes ___ OAuth mailing lis

[OAUTH-WG] Fwd: Webex meeting changed: OAuth WG Virtual Office Hours

Sending this again to make sure that you can add it to your calendar. Regards, Rifaat -- Forwarded message - From: Web Authorization Protocol Working Group Date: Fri, Sep 24, 2021 at 9:23 AM Subject: [OAUTH-WG] Webex meeting changed: OAuth WG Virtual Office Hours To: Web A

Re: [OAUTH-WG] Virtual office hours

The virtual office hours are on Wednesday at 12:00pm Eastern Time. Regards, Rifaat On Mon, Jan 10, 2022 at 1:03 AM Mike Jones wrote: > Are the OAuth virtual hours happening 11 hours from now? > > Inquiring minds want to know. ;-) > > -- Mike > > ___

[OAUTH-WG] Fwd: IETF 113 will be a hybrid onsite/online meeting in Vienna, Austria

FYI -- Forwarded message - From: IETF Executive Director Date: Tue, Dec 21, 2021 at 8:43 PM Subject: IETF 113 will be a hybrid onsite/online meeting in Vienna, Austria To: IETF Announcement List IETF 113 will be held as a hybrid onsite/online meeting with the onsite element in

[OAUTH-WG] OAuth Redirection Attacks

All, An article was recently published discussing some OAuth Redirection Attacks to try to bypass phishing detection solutions. See the details of these attacks in the following link: https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lea

[OAUTH-WG] OAuth WG Virtual Office Hours is canceled for this week

All, We are canceling the OAuth WG Virtual Office Hours because of the conflict with the OAuth Security Workshop this week. Regards, Rifaat & Hannes ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth

[OAUTH-WG] OAuth WG Interim Meeting Minutes - Token Exchange Profile for Enterprise

All, Thanks to *Justin Richer *for taking the following notes during the meeting: https://datatracker.ietf.org/meeting/interim-2021-oauth-15/materials/minutes-interim-2021-oauth-15-202111031200-00 https://notes.ietf.org/s/notes-ietf-interim-2021-oauth-15-oauth Regards, Rifaat & Hannes __

[OAUTH-WG] OAuth WG Interim - Token Chaining

All, The following link has links to the *Token Chaining* slides and drafts to be discussed tomorrow: https://notes.ietf.org/notes-ietf-interim-2021-oauth-15-oauth Regards, Rifaat & Hannes ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mail

[OAUTH-WG] DPoP Interim Meeting Minutes

All, Thanks to *Hannes* and *Dick* for taking the following notes during the DPoP Interim meeting today. https://notes.ietf.org/s/notes-ietf-interim-2021-oauth-14-oauth Regards, Rifaat ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/

Re: [OAUTH-WG] Call for Adoption - OAuth Proof of Possession Tokens with HTTP Message Signature

Message Signatures whether or not the >> OAuth WG picks up the work. The question is whether those applications are >> going to be isolated profiles and silos, like they are today, or whether >> there can be one way to use them together across different systems. >> >>

[OAUTH-WG] OAuth WG Interim Meeting Minutes - October 20

All, Thanks to *Aaron Parecki* for taking the following note for the interim meeting today: https://datatracker.ietf.org/meeting/interim-2021-oauth-13/materials/minutes-interim-2021-oauth-13-202110201200-00 https://notes.ietf.org/s/notes-ietf-interim-2021-oauth-13-oauth Regards, Rifaat & Hannes

[OAUTH-WG] OAuth Interim - RAR

All, The following link has links to the RAR document and slides that we will be discussing tomorrow during the interim meeting: https://notes.ietf.org/notes-ietf-interim-2021-oauth-13-oauth Regards, Rifaat & Hannes ___ OAuth mailing list OAuth@ietf.or

[OAUTH-WG] Fwd: Webex meeting changed: OAuth WG Interims - October 2021

All, We have extended this series by one more week, *until Nov 3rd*, for a session that will cover the *Token Exchange Profile for Enterprise* documents. Regards, Rifaat -- Forwarded message - From: Web Authorization Protocol Working Group Date: Wed, Oct 13, 2021 at 5:39 PM Su

<    1   2   3   4   5   6   >