Re: [OAUTH-WG] Meeting Minutes

Happy holidays! > > From: Torsten Lodderstedt > Sent: Saturday, December 21, 2019 10:59 AM > To: Hannes Tschofenig > Cc: oauth@ietf.org > Subject: Re: [OAUTH-WG] Meeting Minutes > > With respect to Rich Authorization Requests, the minutes state that a call > for

Re: [OAUTH-WG] Meeting Minutes

, December 21, 2019 10:59 AM To: Hannes Tschofenig Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] Meeting Minutes With respect to Rich Authorization Requests, the minutes state that a call for adoption will be sent to the list. When will this call for adoption being sent to the list? Am 03.12.2019 um 09

Re: [OAUTH-WG] Meeting Minutes

With respect to Rich Authorization Requests, the minutes state that a call for adoption will be sent to the list. When will this call for adoption being sent to the list? > Am 03.12.2019 um 09:26 schrieb Hannes Tschofenig : > >  > Here are the meeting minutes from the Singapore IETF meeting:

Re: [OAUTH-WG] Meeting Minutes

+1 to adopting PAR. For RAR I have a number of questions myself with the approach and with some of the ramifications. I’m most concerned with the coupling of business-specific presentation, process validation and workflow within the AS, but also with the mixing of single transactional approval

Re: [OAUTH-WG] Meeting Minutes

>> – >> >> Annabelle Richard Backman >> >> AWS Identity >> >> >> >> >> >> *From:* OAuth on behalf of Justin Richer < >> jric...@mit.edu> >> *Date:* Monday, December 16, 2019 at 12:36 PM >> *To:* Brian Ca

Re: [OAUTH-WG] Meeting Minutes

abelle Richard Backman > > AWS Identity > > > > > > *From:* OAuth on behalf of Justin Richer < > jric...@mit.edu> > *Date:* Monday, December 16, 2019 at 12:36 PM > *To:* Brian Campbell > *Cc:* "oauth@ietf.org" > *Subject:* Re: [OAUTH-WG] Meeting Minute

Re: [OAUTH-WG] Meeting Minutes

onday, December 16, 2019 at 12:36 PM > *To: *Brian Campbell > *Cc: *"oauth@ietf.org" > *Subject: *Re: [OAUTH-WG] Meeting Minutes > > > > +1 to this. My take away was that PAR was pretty clear for adoption right > now, RAR had interest but more question/debate. >

Re: [OAUTH-WG] Meeting Minutes

+1 to this. My take away was that PAR was pretty clear for adoption right now, RAR had interest but more question/debate. FWIW I’m in favor of both of them. — Justin > On Dec 16, 2019, at 11:26 AM, Brian Campbell > wrote: > > With respect to the Pushed Authorization Requests (PAR) draft

Re: [OAUTH-WG] Meeting Minutes

With respect to the Pushed Authorization Requests (PAR) draft the minutes do capture an individual comment that it's a "no brainer to adopt this work" but as I recall there was also a hum to gauge the room's interest in adoption, which was largely in favor of such. Of course, one hum in Singapore

[OAUTH-WG] Meeting Minutes

Here are the meeting minutes from the Singapore IETF meeting: https://datatracker.ietf.org/meeting/106/materials/minutes-106-oauth-03 Tony was our scribe. Thanks! IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the

[OAUTH-WG] Meeting minutes from IETF106

Are the meeting minutes posted anywhere? I haven’t been able to find a link to them yet. Thanks! Aaron -- Aaron Parecki aaronparecki.com @aaronpk ___ OAuth mailing list OAuth@ietf.org

[OAUTH-WG] Meeting Minutes (IETF#103)

Here are the meeting minutes from the last IETF OAuth WG meeting from IETF#103: https://datatracker.ietf.org/meeting/103/materials/minutes-103-oauth-00 Thanks to Chris & Mike for taking notes. If you have comments, please let me know. Ciao Hannes IMPORTANT NOTICE: The contents of this email

[OAUTH-WG] Draft OAuth WG meeting minutes for 3:20-4:20 16-Nov-16 in Seoul

Rich Salz helped Hannes Tschofenig run the meeting as a guest facilitator Brian Campbell discussed the status of Token Exchange Hannes: The consensus during the Monday meeting was to gain more implementation experience before WGLC Hannes asked who is implementing or

[OAUTH-WG] Draft OAuth WG meeting minutes for 9:30-noon 14-Nov-16 in Seoul

Hannes gave an OAuth WG status update AMR Values spec sent to the IESG Request by JWS spec sent to the IESG Native apps specification Recently updated to make it more readable Hannes is working on a

[OAUTH-WG] Meeting Minutes

Hi all, here are the meeting minutes from the OAuth session: https://www.ietf.org/proceedings/96/minutes/minutes-96-oauth Please take a look at them to see whether they reflect the discussions and decisions made during the meeting. Email confirmations will follow. Ciao Hannes signature.asc

Re: [OAUTH-WG] Meeting Minutes

, 2016 5:17 PM To: hannes.tschofe...@gmx.net; bcampb...@pingidentity.com Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] Meeting Minutes Different people, different perceptions :-) But anyway, the discussion on the list has already started, right? Originalnachricht Betreff: Re

Re: [OAUTH-WG] Meeting Minutes

On 04/19/2016 10:17 AM, tors...@lodderstedt.net wrote: > But anyway, the discussion on the list has already started, right? I triggered the discussion since I believe it is a worthwhile topic to think about and, given that it is a bigger decision, we should be mindful about the direction we

Re: [OAUTH-WG] Meeting Minutes

Different people, different perceptions :-) But anyway, the discussion on the list has already started, right? Originalnachricht Betreff: Re: [OAUTH-WG] Meeting Minutes Von: Hannes Tschofenig <hannes.tschofe...@gmx.net> An: Brian Campbell <bcampb...@pingidentity.com

Re: [OAUTH-WG] Meeting Minutes

Hi Torsten, On 04/19/2016 12:34 AM, Brian Campbell wrote: > > I felt some consensous around the topic that in the end, there must be > normative chances to the core protocol and the respective security > considerations. > > Barry gave his advice regarding updates in this context. There was no

Re: [OAUTH-WG] Meeting Minutes

There were multiple options discussed in the meeting and on the emails. I noticed there was strong support for consolidation if there is an opportunity to reduce the number of RFCs developers have to pay attention to. This is where Barry commented that there are differences between a 6749bis,

Re: [OAUTH-WG] Meeting Minutes

I recall +1’ing that idea in the chat. It’s an “updates” to 6819 at least. — Justin > On Apr 18, 2016, at 6:34 PM, Brian Campbell > wrote: > > Yeah, as I recall, there was at least some support around the idea of an > "enhanced OAuth security" document. > > On

Re: [OAUTH-WG] Meeting Minutes

Yeah, as I recall, there was at least some support around the idea of an "enhanced OAuth security" document. On Sun, Apr 17, 2016 at 2:46 AM, Torsten Lodderstedt < tors...@lodderstedt.net> wrote: > Hi all, > > the security discussion started with mix up and cut and paste, but we had > a much

Re: [OAUTH-WG] Meeting Minutes

Hi all, the security discussion started with mix up and cut and paste, but we had a much broader discussion including further issues, such as open redirector. I suggested to merge all threats we are currently discussing into a single document in order to come up with a consolidated view on

Re: [OAUTH-WG] Meeting Minutes

That’s correct, we’ve filed an issue in our project to track its eventual implementation: https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/issues/1055 — Justin > On Apr 11, 2016, at 8:21

Re: [OAUTH-WG] Meeting Minutes

Under the Token Exchange part it says, "Jim Fenton: we have implmentation that could be adapted to this." but, as I recall, Jim was not speaking for himself there but rather on behalf of Justin via the Jabber room. On Wed, Apr 6, 2016 at 11:43 AM, Hannes Tschofenig < hannes.tschofe...@gmx.net>

Re: [OAUTH-WG] Meeting Minutes

>> John Bradley sang a few notes from the Sound of Music to end the meeting. Were the hills alive? :) -gil -Original Message- From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Hannes Tschofenig Sent: Thursday, April 7, 2016 3:14 AM To: oauth@ietf.org Subject: [OAUTH-WG] M

[OAUTH-WG] Meeting Minutes

Leif was so nice to take meeting notes during the OAuth meeting today and they have been uploaded to: https://www.ietf.org/proceedings/95/minutes/minutes-95-oauth Please take a look at them and let me know if they are incorrect or need to be extended. Ciao Hannes signature.asc Description:

Re: [OAUTH-WG] IETF 93 OAuth WG Meeting Minutes

nig <hannes.tschofe...@gmx.net> wrote: > > Here are the meeting minutes from the f2f. Please drop us a message if > there is something missing or incorrect. > > ----- > > IETF 93 OAuth WG Meeting Minutes > > Room 301 > Time: 15:20-17:20 > Date: Thursda

Re: [OAUTH-WG] aud, JAR, PoP key distro, etc. (was Re: IETF 93 OAuth WG Meeting Minutes)

l message From: Brian Campbell <bcampb...@pingidentity.com> Date: 11/7/2015 7:56 AM (GMT+09:00) To: Hannes Tschofenig <hannes.tschofe...@gmx.net> Cc: oauth@ietf.org Subject: [OAUTH-WG] aud, JAR, PoP key distro, etc. (was Re: IETF 93 OAuth WG Meeting Minutes) That's right,

[OAUTH-WG] IETF 93 OAuth WG Meeting Minutes

Here are the meeting minutes from the f2f. Please drop us a message if there is something missing or incorrect. - IETF 93 OAuth WG Meeting Minutes Room 301 Time: 15:20-17:20 Date: Thursday, November 5, 2015 (JST) Chairs: Hannes Tschofenig + Derek Atkins (absent) Minute Taker: Kepeng Li

[OAUTH-WG] (was Re: IETF 93 OAuth WG Meeting Minutes)

Adding those security considerations is probably a good idea but it doesn't actually address the question from my WGLC comments on draft-ietf-oauth-jwsreq-06 . The question was about what from an encrypted only Request Object

Re: [OAUTH-WG] Meeting Minutes

@ietf.org Subject: [OAUTH-WG] Meeting Minutes Here are the notes from our meeting yesterday: https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fproceedings%2f93%2fminutes%2fminutes-93-oauthdata=01%7c01%7cMichael.Jones%40microsoft.com

Re: [OAUTH-WG] Meeting Minutes

-- Mike -Original Message- From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Hannes Tschofenig Sent: Thursday, July 23, 2015 7:19 AM To: oauth@ietf.org Subject: [OAUTH-WG] Meeting Minutes Here are the notes from our meeting yesterday: https://na01

Re: [OAUTH-WG] Meeting Minutes

Of Hannes Tschofenig Sent: Thursday, July 23, 2015 7:19 AM To: oauth@ietf.org Subject: [OAUTH-WG] Meeting Minutes Here are the notes from our meeting yesterday: https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fproceedings%2f93%2fminutes%2fminutes-93-oauthdata=01%7c01

[OAUTH-WG] Meeting Minutes

Here are the notes from our meeting yesterday: https://www.ietf.org/proceedings/93/minutes/minutes-93-oauth Thanks to Erik for taking notes. Please let me know if something is missing or incorrect within the next 2 weeks. Ciao Hannes signature.asc Description: OpenPGP digital signature

[OAUTH-WG] Meeting Minutes

The minutes from our OAuth f2f meeting have been uploaded to http://www.ietf.org/proceedings/92/minutes/minutes-92-oauth Thanks to Tony for taking notes. Ciao Hannes Derek - OAUTH WG WG STATUS Oauth Assertion Framework – RFC Editor Queue JWT - RFC Editor JWT

Re: [OAUTH-WG] Meeting Minutes

hi Hannes , thanks for sharing the minutes. about == John reported a security problem where a 302 redirect without user interaction causes security problems. Do we want to say somthing about this? Implementation guidance somewhere? Chairs: Is this written up? John: Yes, on mailing

Re: [OAUTH-WG] Meeting Minutes

: Thursday, November 13, 2014 5:05 PM To: oauth@ietf.org Subject: [OAUTH-WG] Meeting Minutes Hi all, here is a draft version of the meeting minutes: http://www.ietf.org/proceedings/91/minutes/minutes-91-oauth Thanks to Brian Rosen for taking notes. Comments are welcome! Ciao Hannes

Re: [OAUTH-WG] Meeting Minutes

My question was not really about the status of draft-bradley-oauth-stateless-client-id but rather about draft-ietf-oauth-dyn-reg-management allowing for the kind of stateless client id that Bradley described in his draft. And draft-ietf-oauth-dyn-reg-management still has text that says, 'The

Re: [OAUTH-WG] Meeting Minutes

together. -- Justin / Sent from my phone / Original message From: Brian Campbell bcampb...@pingidentity.com Date:11/14/2014 4:26 AM (GMT-10:00) To: Hannes Tschofenig hannes.tschofe...@gmx.net Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] Meeting Minutes My question

Re: [OAUTH-WG] Meeting Minutes

...@pingidentity.com Date:11/14/2014 4:26 AM (GMT-10:00) To: Hannes Tschofenig hannes.tschofe...@gmx.net Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] Meeting Minutes My question was not really about the status of draft-bradley-oauth-stateless-client-id but rather about draft-ietf-oauth-dyn-reg-management

Re: [OAUTH-WG] Meeting Minutes

[mailto:oauth-boun...@ietf.org] On Behalf Of Hannes Tschofenig Sent: Thursday, November 13, 2014 5:05 PM To: oauth@ietf.org Subject: [OAUTH-WG] Meeting Minutes Hi all, here is a draft version of the meeting minutes: http://www.ietf.org/proceedings/91/minutes/minutes-91-oauth Thanks to Brian Rosen

[OAUTH-WG] Meeting Minutes

Hi all, please have a look at the meeting minutes from last week: http://www.ietf.org/proceedings/85/minutes/minutes-85-oauth Thanks to Amanda Jean for taking notes. Ciao Hannes Derek ___ OAuth mailing list OAuth@ietf.org

[OAUTH-WG] Meeting Minutes

I have uploaded the meeting minutes: http://www.ietf.org/proceedings/84/minutes/minutes-84-oauth Have a look at them and let me know if there is something missing or incorrect. Thanks to Melinda for taking notes. ___ OAuth mailing list OAuth@ietf.org

[OAUTH-WG] Meeting Minutes - IETF#83

Hey guys, Derek took notes during the meeting and I polished them a bit. Have a look at them and let us know if there is something missing: http://www.ietf.org/proceedings/83/minutes/minutes-83-oauth.txt Ciao Hannes Derek ___ OAuth mailing list

Re: [OAUTH-WG] Meeting Minutes - IETF#83

Also, FYI, the audio recording of the meeting is available here: http://www.ietf.org/audio/ietf83/ietf83-252a-20120329-1256-pm.mp3 -derek On Wed, April 4, 2012 12:01 pm, Hannes Tschofenig wrote: Hey guys, Derek took notes during the meeting and I polished them a bit. Have a look at them

[OAUTH-WG] Meeting minutes from IETF 82

The chairs have posted minutes to the meeting materials page. Find them here: http://www.ietf.org/proceedings/82/minutes/oauth.txt A few messages will follow soon, with action items from the meeting. Barry, as chair ___ OAuth mailing list