Re: [OAUTH-WG] Shepherd write-up for draft-ietf-oauth-mtls-10

Hi Rifaat, Berlin Group‘s Nextgen PSD2 Spec (https://docs.wixstatic.com/ugd/c2914b_5351b289bf844c6881e46ee3561d95bb.pdf) also refers to mTLS. kind regards, Torsten. > Am 21.07.2018 um 23:25 schrieb Rifaat Shekh-Yusef : > > All, > > The following is the shepherd write-up for the

[OAUTH-WG] Shepherd write-up for draft-ietf-oauth-mtls-10

All, The following is the shepherd write-up for the draft-ietf-oauth-mtls-10 document: https://datatracker.ietf.org/doc/draft-ietf-oauth-mtls/shepherdwriteup/ Please, take a look and let us know if you have any comments. Regards, Rifaat & Hannes ___

[OAUTH-WG] regarding draft-ietf-oauth-jwsreq

Hello, about the mentioned content-types in the current draft *jwsreq-16* in *section-10.4.1* - says to check the content type of the response is "application/jose" I believe this should be application/jwt instead in *section-10.4.2* - says to check the content type of the response is

Re: [OAUTH-WG] Call for adoption of "JWT Response for OAuth Token Introspection"

+1 Hans. On Sat, Jul 21, 2018 at 7:12 PM, Filip Skokan wrote: > I support the adoption or this document by the WG. > > Filip Skokan > > Odesláno z iPhonu > > 19. 7. 2018 v 19:43, Rifaat Shekh-Yusef : > > Hi all, > > This is the call for adoption of the 'JWT Response for OAuth Token >

Re: [OAUTH-WG] Call for adoption of "JWT Response for OAuth Token Introspection"

I support the adoption or this document by the WG. Filip Skokan Odesláno z iPhonu 19. 7. 2018 v 19:43, Rifaat Shekh-Yusef : > Hi all, > > This is the call for adoption of the 'JWT Response for OAuth Token > Introspection' document following the presentation by Torsten at the Montreal >

Re: [OAUTH-WG] Call for adoption of "JWT Response for OAuth Token Introspection"

Hi Mark, > Am 20.07.2018 um 17:47 schrieb Mark Dobrinic : > > I +1 this, thanks > > but at the same time, I'm wondering what happened with the argument that > this should be solved by Token Exchange instead of Introspect? We presented two use case in London, (1) providing evidence for the

Re: [OAUTH-WG] updated Distributed OAuth ID

Hi Dick, Am 19.07.2018 um 15:46 schrieb Dick Hardt : >> I think any scenario with multiple resource servers relying on the same AS >> for authorization where the client acts on behalf of the resource owner >> qualifies for grant type code and distributed OAuth. >> >> Let’s assume a user

Re: [OAUTH-WG] Call for adoption for "Resource Indicators for OAuth 2.0"

Hi Dick, > Am 20.07.2018 um 19:46 schrieb Dick Hardt : > > There are a few places where multiple resources could be used: > > One is in the code flow where it is desirable to optimize the user experience > so that the user is granting authorization once, and not multiple times. > I agree.

Re: [OAUTH-WG] MTLS - IPR Disclosure

I am not aware of any IPR. Sent from Mail for Windows 10 From: Rifaat Shekh-Yusef Sent: Tuesday, July 17, 2018 10:06 AM To: oauth Subject: [OAUTH-WG] MTLS - IPR Disclosure Authors, As part of the write-up for the OAuth MTLS document, we need an IPR disclosure from all of you.. Are you aware