[OAUTH-WG] Potential new OAuth client assertion flow

2018-02-14 Thread Omer Levi Hevroni
Hello My name is Omer, and I am working at Soluto. We wanted to find a way to authenticate our mobile application, without any user interaction - as this will affect the user experience. We developed a new authentication flow, similar to JWT client assertion. I've given a talk about this flow in a

Re: [OAUTH-WG] Potential new OAuth client assertion flow

2018-02-15 Thread Omer Levi Hevroni
Hi Omer and welcome to the Oauth WG, > > On 14/02/18 22:48, Omer Levi Hevroni wrote: > > Hello > > My name is Omer, and I am working at Soluto. We wanted to find a way to > > authenticate our mobile application, without any user interaction - as > this > > will affe

[OAUTH-WG] Fwd: New Version Notification for draft-hevroni-oauth-seamless-flow-01.txt

2018-08-02 Thread Omer Levi Hevroni
Hey New version of the draft published. Looking forward to hearing feedback about it. -- Forwarded message - From: Date: Thu, Aug 2, 2018 at 12:15 PM Subject: New Version Notification for draft-hevroni-oauth-seamless-flow-01.txt To: Omer Levi Hevroni A new version of I-D, draft

[OAUTH-WG] Fwd: New Version Notification for draft-hevroni-oauth-seamless-flow-00.txt

2018-03-26 Thread Omer Levi Hevroni
evroni-oauth-seamless-flow-00.txt To: Omer Levi Hevroni <ome...@gmail.com> A new version of I-D, draft-hevroni-oauth-seamless-flow-00.txt has been successfully submitted by Omer Hevroni and posted to the IETF repository. Name: draft-hevroni-oauth-seamless-flow Revision:

[OAUTH-WG] OAuth 2.0 Seamless Flow - first draft

2018-03-22 Thread Omer Levi Hevroni
Hey After presenting the flow yesterday, I've submitted the first draft: https://tools.ietf.org/html/draft-seamless-flow-00 I tried to answer all the questions that were raised during the session. Looking forward to hearing your feedback. Omer ___ OAuth mailing

[OAUTH-WG] First version (pre-draft) of OAuth 2.0 seamless protocol

2018-03-19 Thread Omer Levi Hevroni
Hey and Good Morning I've created a first version of the draft, hope to finish it and send a draft soon. This is the protocol I'm going to present on Wednesday OAuth WG meeting. Feedback is highly appreciated - this is the first time I'm writing a draft. You can find it here:

Re: [OAUTH-WG] questions on Seamless OAuth 2.0 Client Assertion Grant

2018-11-08 Thread Omer Levi Hevroni
Yes, that is correct. I'm sorry for the confusion, I think this confusion is built into oauth framework itself. You understood well the scenario - I have an application running on an untrusted device in an untrusted network. I looked for a way to authenticate the requests from the device to AS. Does

Re: [OAUTH-WG] questions on Seamless OAuth 2.0 Client Assertion Grant

2018-11-13 Thread Omer Levi Hevroni
ll > their data. Also, IMHO, I don't think the private key protections you have > in place are a net positive. > > > > > On Mon, Nov 12, 2018 at 3:08 AM Omer Levi Hevroni > wrote: > >> Ok, let me try. >> >> At the company where I work, we have an app tha

Re: [OAUTH-WG] Presenting Seamless Flow at IETF 103

2018-09-20 Thread Omer Levi Hevroni
One-Time Password System <https://tools.ietf.org/html/rfc2289> > > Are you actually using the referenced RFC2289 (that seems to use > H(H(H(H(…H(password + challenge + stuff)…)? > > I don’t think so. I think you are using normal crypto signing keys, plus a > random non

Re: [OAUTH-WG] OTP-flow use case (sharing energy data)

2019-01-15 Thread Omer Levi Hevroni
Nope, device flow still requires interactive login flow from the user, just on another device. My flow aims for strong device authentication, without any user interaction. My flow has some similarity to oauth client assertion flow - https://tools.ietf.org/html/rfc7523, with modifications for

[OAUTH-WG] Presenting Seamless Flow at IETF 103

2018-09-17 Thread Omer Levi Hevroni
Hey My name is Omer, and I want to ask for a time to present a draft I'm working on at IETF 103. This is a new oauth extension, that is supposed to allow devices to authenticate without any user interaction. There are many use cases, especially in IoT world, where there are devices which need a strong