Re: [OAUTH-WG] OAuth 2.0 Token Exchange: An STS for the REST of Us

Hi Mike, In section 2.2.1 Successful Response, the text states that refresh_token is NOT RECOMMENDED, but it does not explain the reason behind this. Can you please elaborate on this point and explain the rational behind this choice? Another question is around the impact of the new token on the

Re: [OAUTH-WG] OAuth 2.0 Token Exchange: An STS for the REST of Us

> mean the doing the exchange makes it no longer usable. But that would be a > specific detail of the particular kind of token. > > > > On Wed, Dec 16, 2015 at 11:17 PM, Rifaat Shekh-Yusef < > rifaat.i...@gmail.com> wrote: > >> Hi Mike, >> >>

Re: [OAUTH-WG] Chair volunteers

bject:* Re: [OAUTH-WG] Chair volunteers > > > > I am pleased to (somewhat belatedly) announce that Rifaat Shekh-Yusef has > agreed to > > serve as chair. Thanks to Derek for his service and Rifaat for being > willing to step up! > > > > -Ekr > > > > &

[OAUTH-WG] Meetings Minutes

Hi, We have uploaded the minutes to the following link: https://www.ietf.org/proceedings/98/minutes/minutes-98-oauth-00 Thanks to Jeff Hodges for taking the notes. Please, let us know if you have any feedback. Regards, Rifaat & Hannes ___ OAuth

Re: [OAUTH-WG] (no subject)

Use the following link to subscribe: https://www.ietf.org/mailman/listinfo/oauth Regards, Rifaat On Wednesday, August 2, 2017, Bone Bizz wrote: > Hello, id like to join the mailing list for Android. Thanks alot. > ___ OAuth

[OAUTH-WG] Agenda for IETF99

All, We have just uploaded the agenda for the two OAuth sessions next week: https://www.ietf.org/proceedings/99/agenda/agenda-99-oauth-01 Please, take a look and let us know if you have any comments or if we missed anything. Regards, Rifaat & Hannes. P.S., I unfortunately will not be a

Re: [OAUTH-WG] Agenda for IETF99

5 PM, Rifaat Shekh-Yusef <rifaat.i...@gmail.com> wrote: > All, > > We have just uploaded the agenda for the two OAuth sessions next week: > https://www.ietf.org/proceedings/99/agenda/agenda-99-oauth-01 > > Please, take a look and let us know if you have any comment

[OAUTH-WG] Call for Adoption: JSON Web Token Best Current Practices

All, We would like to get a confirmation on the mailing list for the adoption of the *JSON Web Token Best Current Practices* as a WG document https://datatracker.ietf.org/doc/draft-sheffer-oauth-jwt-bcp/ Please, let us know if you support or object to the adoption of this document. Regards,

Re: [OAUTH-WG] WGLC for draft-ietf-oauth-token-exchange-08

Thanks Brian. See my replies inline... On Fri, Jun 30, 2017 at 4:08 PM, Brian Campbell <bcampb...@pingidentity.com> wrote: > Thanks for the review, Rifaat. Replies are inline below... > > > On Mon, Jun 26, 2017 at 6:40 AM, Rifaat Shekh-Yusef <rifaat.i...@gmail.c

Re: [OAUTH-WG] WGLC draft-ietf-oauth-device-flow-06

On Wed, Jun 28, 2017 at 4:45 PM, Justin Richer <jric...@mit.edu> wrote: > > On Jun 28, 2017, at 2:35 PM, Rifaat Shekh-Yusef <rifaat.i...@gmail.com> > wrote: > > > On Wed, Jun 28, 2017 at 11:33 AM, Justin Richer <jric...@mit.edu> wrote: > >> This

Re: [OAUTH-WG] WGLC draft-ietf-oauth-device-flow-06

gain to get the token. Thoughts? Regards, Rifaat On Thu, Jun 1, 2017 at 8:32 AM, Rifaat Shekh-Yusef <rifaat.i...@gmail.com> wrote: > All, > > We are starting a WGLC on the Device Flow document: > https://tools.ietf.org/html/draft-ietf-oauth-device-flow-06 > > Please, rev

Re: [OAUTH-WG] WGLC for draft-ietf-oauth-token-exchange-08

nce stating that it "should not be used"? Would it not be more appropriate to state that it "must not be used" instead? Regards, Rifaat On Fri, Jun 2, 2017 at 3:05 PM, Rifaat Shekh-Yusef <rifaat.i...@gmail.com> wrote: > All, > > We are starting a WGLC on th

[OAUTH-WG] Agenda requests for Prague

All, If you have not done so already, please send us your agenda requests for the coming meeting in Prague. Regards, Rifaat & Hannes ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth

[OAUTH-WG] Plan for Prague

All, Hannes and I discuss the plan for Prague, and we think that the following documents would need to be discussed: 1. Device Flow 2. Mutual TLS Profile 3. PoP Key Distribution 4. Security Topics 5. Token Bindings 6. Token Exchange Does this sound like a reasonable plan? Any other

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-token-exchange-07.txt

or policy or auditing) to the token exchange >>>> event itself. When I wrote the "actor_token" text in section 2.1 some ~18 >>>> months ago I had the delegation scenario at the front of my mind and >>>> (clearly) intended to accommodate it. However, I didn't intend to

[OAUTH-WG] WGLC for draft-ietf-oauth-token-exchange-08

All, We are starting a WGLC on the Token Exchange document: https://www.ietf.org/id/draft-ietf-oauth-token-exchange-08 Please, review the document and provide feedback on any issues you see with the document. The WGLC will end in two weeks, on June 17, 2017. Regards, Rifaat and Hannes

[OAUTH-WG] WGLC draft-ietf-oauth-device-flow-06

All, We are starting a WGLC on the Device Flow document: https://tools.ietf.org/html/draft-ietf-oauth-device-flow-06 Please, review the document and provide feedback on any issues you see with the document. The WGCL will end in two weeks, on June 16, 2017. Regards, Rifaat and Hannes

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-token-exchange-07.txt

Hi All, The last email from Brian addresses the multiple audiences/resources issue with an error code, and we did not see any objection to this approach so far. *Authors,* Are there any other open issues with this draft? Do you believe it is ready for WGLC? Thanks, Rifaat & Hannes On Fri,

Re: [OAUTH-WG] oauth - New Meeting Session Request for IETF 100

lt; > session-requ...@ietf.org> wrote: > >> >> >> A new meeting session request has just been submitted by Rifaat >> Shekh-Yusef, a Chair of the oauth working group. >> >> >> - >> Working Gr

Re: [OAUTH-WG] oauth - New Meeting Session Request for IETF 100

Sure On Wed, Sep 27, 2017 at 4:10 PM, Dick Hardt <dick.ha...@gmail.com> wrote: > And secevent? > > On Wed, Sep 27, 2017 at 10:39 AM, Rifaat Shekh-Yusef < > rifaat.i...@gmail.com> wrote: > >> Sure, I will add that to the list. >> >> Regards, >&g

[OAUTH-WG] WGLC for OAuth 2.0 Device Flow for Browserless and Input Constrained Devices

All, As discussed in Singapore, we are starting a WGLC for the *draft-ietf-oauth-device-flow-07* document, starting today and ending on December 11, 2018. https://datatracker.ietf.org/doc/draft-ietf-oauth-device-flow/ Please, review the document and provide feedback on the list. Regards,

Re: [OAUTH-WG] WGLC for OAuth 2.0 Device Flow for Browserless and Input Constrained Devices

Sorry, I did not mean to drag it to December next year :) The WGLC ends on *December 11, 2017*. Regards, Rifaat On Mon, Nov 27, 2017 at 8:55 AM, Rifaat Shekh-Yusef <rifaat.i...@gmail.com> wrote: > All, > > As discussed in Singapore, we are starting a WGLC for the > *draft

[OAUTH-WG] Token Exchange - IPR Disclosure

Authors, As part of the write-up for the Token Exchange document, we need an IPR disclosure from all of you. Are you aware of any IPR related to the following Token Exchange document? https://datatracker.ietf.org/doc/draft-ietf-oauth-token-exchange/ Regards, Rifaat

[OAUTH-WG] Token Exchange Implementations

All, As part of the write-up for the Token Exchange document, we are looking for information about implementation for this document. We are aware of 3 implementations for this document by: Salesforce, Microsoft, and Box. Are people aware of any other implementation? Regards, Rifaat

[OAUTH-WG] Publication has been requested for draft-ietf-oauth-token-exchange-10

Rifaat Shekh-Yusef has requested publication of draft-ietf-oauth-token-exchange-10 as Proposed Standard on behalf of the OAUTH working group. Please verify the document's state at https://datatracker.ietf.org/doc/draft-ietf-oauth-token-exchange

[OAUTH-WG] Interim Meetings Doodle Poll

All, We are looking to schedule *two* Virtual Interim Meetings to discuss the *Distributed OAuth* and *"Mutual" OAuth* documents presented by Dick in Singapore. https://datatracker.ietf.org/doc/draft-hardt-oauth-distributed/ https://datatracker.ietf.org/doc/draft-hardt-oauth-mutual/ It is a real

[OAUTH-WG] IETF100 Draft Agenda

All, We have just uploaded a draft agenda for the coming OAuth meetings: https://datatracker.ietf.org/meeting/100/materials/agenda-100-oauth/ Please, take a look and let us know if you have any comments or if we missed anything. Regards, Rifaat & Hannes.

Re: [OAUTH-WG] Working Group Last Call: JSON Web Token Best Current Practices

Thanks Mike! Hannes and I will review the document and get back to you on this next week. Regards, Rifaat On Tue, May 8, 2018 at 3:26 AM, Mike Jones wrote: > Dear OAuth chairs, > > The editors of the JWT BCP published https://tools.ietf.org/html/ >

Re: [OAUTH-WG] Meeting Invite for the OAuth WG Virtual Office Hours

Hmmm, I did open webex and waited for 10 minutes :) I will be traveling this week, but I will discuss it with Hannes in the coming few days and we will start working on the write-ups for the MTLS and JWT BCP documents soon. Regards, Rifaat On Mon, Jun 18, 2018 at 12:48 PM Brian Campbell

Re: [OAUTH-WG] Publication has been requested for draft-ietf-oauth-device-flow-07

, Hollenbeck, Scott <shollenb...@verisign.com > wrote: > > -Original Message- > > From: OAuth [mailto:oauth-boun...@ietf.org] On Behalf Of Rifaat Shekh- > > Yusef > > Sent: Friday, January 05, 2018 12:30 PM > > To: e...@rtfm.com > > Cc: oauth@ie

[OAUTH-WG] Publication has been requested for draft-ietf-oauth-device-flow-07

Rifaat Shekh-Yusef has requested publication of draft-ietf-oauth-device-flow-07 as Proposed Standard on behalf of the OAUTH working group. Please verify the document's state at https://datatracker.ietf.org/doc/draft-ietf-oauth-device-flow/ ___ OAuth

Re: [OAUTH-WG] Device Flow Implementations

1> > daniel.lin...@curity.io > https://curity.io > > tors 4 jan. 2018 kl 18:06 skrev Daniel Lindau <dan...@twobo.com>: > >> >> -- Vidarebefordrat meddelande - >> Från: Rifaat Shekh-Yusef <rifaat.i...@gmail.com> >> Dat

Re: [OAUTH-WG] Device Flow Implementations

of at least one active production > deployment that uses this flow with our server. > > — Justin > > On Jan 4, 2018, at 8:27 AM, Rifaat Shekh-Yusef <rifaat.i...@gmail.com> > wrote: > > All, > > As part of the write-up for the Device Flow document, we ar

Re: [OAUTH-WG] Webex details for upcoming OAuth interim meetings

Hi Mike, It is a real challenge to accommodate all time zones around the world. We posted a Doodle Poll with two time slots per day, as you can see here: https://doodle.com/poll/erqrc75gtcmdgtru#table Based on the result of that poll, these time slots seem to be the most convenient for the

Re: [OAUTH-WG] Device Flow Implementations

s. > > > > Ciao > > Hannes > > > > *From:* OAuth [mailto:oauth-boun...@ietf.org] *On Behalf Of *Rifaat > Shekh-Yusef > *Sent:* 04 January 2018 14:28 > *To:* oauth > *Subject:* [OAUTH-WG] Device Flow Implementations > > > > All, > > >

Re: [OAUTH-WG] Device Flow Implementations

devices > in some projects. > > Latest documentation available here - https://backstage.forgerock. > com/docs/am/5.5/oauth2-guide/#rest-api-oauth2-device-flow > > Regards Simon > > On 04/01/18 13:27, Rifaat Shekh-Yusef wrote: > > All, > > As part of the

Re: [OAUTH-WG] Device Flow Implementations

4, 2018, at 5:27 AM, Rifaat Shekh-Yusef <rifaat.i...@gmail.com> > wrote: > > All, > > As part of the write-up for the Device Flow document, we are looking for > information about implementation for this document. > https://datatracker.ietf.org/doc/draft-ietf-oaut

[OAUTH-WG] Mutual OAuth interim meeting minutes

*Attendees*:Dick Hardt, Aaron Parecki, Brian Campbell, Dave Tonge, Eve Maler, John Bradley, Justin Richer, Nat Sakimura, Samuel Erdtman, Tim, Cappalli, Denis Pinkas, Bjorn Hjelm, Hannes Tschofenig, and Rifaat Shekh-Yusef. Dick presented the attached Mutual OAuth slides, which is the same slides

Re: [OAUTH-WG] Interim Meetings Doodle Poll

Happy New Year! This is a reminder about our plan for an interim meeting during the Jan 15-19 week. Please, take a look and sign up if you are interested in these topics. Regards, Rifaat & Hannes On Wed, Dec 13, 2017 at 2:52 PM, Rifaat Shekh-Yusef <rifaat.i...@gmail.com> wrote: >

Re: [OAUTH-WG] WGLC for OAuth 2.0 Device Flow for Browserless and Input Constrained Devices

William, I will start working on the write-up soon. Regards, Rifaat On Tue, Jan 2, 2018 at 4:07 PM, William Denniss wrote: > > On Fri, Dec 15, 2017 at 11:12 PM, Vladimir Dzhuvinov < > vladi...@connect2id.com> wrote: > >> On 15/12/17 00:43, William Denniss wrote: >> >

[OAUTH-WG] Device Flow Implementations

All, As part of the write-up for the Device Flow document, we are looking for information about implementation for this document. https://datatracker.ietf.org/doc/draft-ietf-oauth-device-flow/ We are aware of 3 implementations for this document by: Google, Facebook, and Microsoft. Are people

[OAUTH-WG] Device Flow - IPR Disclosure

Authors, As part of the write-up for the Device Flow document, we need an IPR disclosure from all of you. Are you aware of any IPR related to the following Device Flow document? https://datatracker.ietf.org/doc/draft-ietf-oauth-device-flow/ Regards, Rifaat

Re: [OAUTH-WG] Call for adoption for "Resource Indicators for OAuth 2.0"

t < >>> tors...@lodderstedt.net> wrote: >>> >>>> I support adoption of this document. >>>> >>>> I would like to point out (again) a single resource is not sufficient >>>> for most use cases I implemented in the last couple if year

Re: [OAUTH-WG] Call for adoption of "JWT Response for OAuth Token Introspection"

that into consideration when you submit your draft. Regards, Rifaat & Hannes On Thu, Jul 19, 2018 at 1:51 PM William Denniss wrote: > I support adoption of this document by the working group. > > > On Thu, Jul 19, 2018 at 10:43 AM, Rifaat Shekh-Yusef < > rifaat.i...@gmail.c

[OAUTH-WG] Montreal Sessions Minutes

All, We have posted the minutes of the two sessions in Montreal: 1st Session Minutes (Thanks to Mike & Justin): https://datatracker.ietf.org/meeting/102/materials/minutes-102-oauth-201807171550-00 2nd Session Minutes (Thanks to Tony):

[OAUTH-WG] Publication has been requested for draft-ietf-oauth-mtls-10

Rifaat Shekh-Yusef has requested publication of draft-ietf-oauth-mtls-10 as Proposed Standard on behalf of the OAUTH working group. Please verify the document's state at https://datatracker.ietf.org/doc/draft-ietf-oauth-mtls/ ___ OAuth mailing list

Re: [OAUTH-WG] OAuth WG Final Agenda

(PoP) Security Architecture https://tools.ietf.org/html/draft-ietf-oauth-pop-architecture-08 * Distributed OAuth - Dick (30 min) https://datatracker.ietf.org/doc/draft-hardt-oauth-distributed/ Regards, Rifaat & Hannes On Thu, Jul 12, 2018 at 9:48 AM Rifaat Shekh-Yusef wrote: &

Re: [OAUTH-WG] OAuth WG Final Agenda

*Presenters*, Please, send us your slides as soon as possible. Regards, Rifaat & Hannes. On Sat, Jul 14, 2018 at 6:48 PM Rifaat Shekh-Yusef wrote: > All, > > Here is our latest agenda update (might not be the last one): > https://datatracker.ietf.org/doc/agenda-102-

[OAUTH-WG] MTLS - IPR Disclosure

Authors, As part of the write-up for the OAuth MTLS document, we need an IPR disclosure from all of you. Are you aware of any IPR related to the following OAuth MTLS document? https://datatracker.ietf.org/doc/draft-ietf-oauth-mtls/ Regards, ___ OAuth

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-reciprocal-00.txt

Hi Dick, I too reviewed the document, and had similar questions in mind. I agree with Torsten, a figure would make it easier to follow and understand. Regards, Rifaat On Tue, Jul 17, 2018 at 12:01 PM Dick Hardt wrote: > Thanks for the review Torsten. All good points to be clarified in the

[OAUTH-WG] Shepherd write-up for draft-ietf-oauth-mtls-10

All, The following is the shepherd write-up for the draft-ietf-oauth-mtls-10 document: https://datatracker.ietf.org/doc/draft-ietf-oauth-mtls/shepherdwriteup/ Please, take a look and let us know if you have any comments. Regards, Rifaat & Hannes ___

Re: [OAUTH-WG] Shepherd write-up for draft-ietf-oauth-mtls-10

words (rather than "PingIdentity"). > > Otherwise, it looks great. Thanks Rifaat! > > On Sat, Jul 21, 2018 at 3:25 PM, Rifaat Shekh-Yusef > wrote: > >> All, >> >> The following is the shepherd write-up for the draft-ietf-oauth-mtls-10 >> document: >

[OAUTH-WG] Call for adoption of "JWT Response for OAuth Token Introspection"

Hi all, This is the call for adoption of the 'JWT Response for OAuth Token Introspection' document following the presentation by Torsten at the Montreal IETF meeting where we didn't have a chance to do a call for adoption in the meeting itself. Here is presentation by Torsten:

[OAUTH-WG] Call for adoption for "Resource Indicators for OAuth 2.0"

Hi all, This is the call for adoption of the 'Resource Indicators for OAuth 2.0' document following the positive call for adoption at the Montreal IETF meeting. Here is the document: https://tools.ietf.org/html/draft-campbell-oauth-resource-indicators-02 Please let us know by August 2nd

[OAUTH-WG] Call for adoption for "Distributed OAuth"

Hi all, This is the call for adoption of the 'Distributed OAuth' document following the positive call for adoption at the Montreal IETF meeting. Here is the document: https://datatracker.ietf.org/doc/draft-hardt-oauth-distributed/ Please let us know by August 2nd whether you accept / object to

Re: [OAUTH-WG] Call for adoption for "Resource Indicators for OAuth 2.0"

gt; -- Mike >> >> >> >> *From:* OAuth *On Behalf Of * Rifaat Shekh-Yusef >> *Sent:* Thursday, July 19, 2018 4:02 PM >> *To:* oauth >> *Subject:* [OAUTH-WG] Call for adoption for "Resource Indicators fo

Re: [OAUTH-WG] OAuth WG Final Agenda

ots? I > could be a presenter for several of them but don’t know whether I am or > not. ;-) > > > >-- Mike > > > > *From:* OAuth *On Behalf Of * Rifaat Shekh-Yusef > *Sent:* Thursday, July 12, 2018 6:48 AM &

[OAUTH-WG] OAuth WG - Important Dates

All, The following is a subset of the important date for IETF103: Important Dates IETF 103 : 2018-11-03, Bangkok, TH 2018-09-17 (Monday): Early Bird registration and payment cut-off at UTC 23:59. 2018-09-21 (Friday): Cut-off date for requests to schedule Working Group Meetings at UTC 23:59.

Re: [OAUTH-WG] OAuth WG draft agenda

Here is a link to our final agenda: https://datatracker.ietf.org/meeting/102/materials/agenda-102-oauth-00 Regards, Rifaat On Mon, Jul 9, 2018 at 10:42 AM Rifaat Shekh-Yusef wrote: > The following is a draft agenda for next week. > Please, let us know if you have any comments. >

Re: [OAUTH-WG] OAuth WG draft agenda

:) These are the day's sessions. On Tue, Jul 10, 2018 at 12:49 AM Dick Hardt wrote: > Besides being the oddness that session I happens after session II ... > looks ok! > > > On Mon, Jul 9, 2018 at 7:42 AM, Rifaat Shekh-Yusef > wrote: > >> The following is a

Re: [OAUTH-WG] OAuth WG draft agenda

l 9, 2018 at 9:48 PM, Dick Hardt wrote: > >> Besides being the oddness that session I happens after session II ... >> looks ok! >> >> >> On Mon, Jul 9, 2018 at 7:42 AM, Rifaat Shekh-Yusef > > wrote: >> >>> The following is a draft agenda for next

[OAUTH-WG] OAuth WG Final Agenda

All, The following is our agenda for the two sessions next week: https://datatracker.ietf.org/doc/agenda-102-oauth/ Web Authorization Protocol (OAuth) Meeting -- ** Tuesday 15:50-17:20 ** (90 minutes) * Chairs Update (15 min) * OAuth 2.0 Incremental

[OAUTH-WG] OAuth WG draft agenda

The following is a draft agenda for next week. Please, let us know if you have any comments. Regards, Rifaat & Hannes Web Authorization Protocol Meeting -- ** 15:50-17:20 *Tuesday *Afternoon session II ** (90 minutes) * Chairs Update (15 min) * OAuth 2.0

[OAUTH-WG] IETF101 Draft Agenda

Here is the draft agenda for our two sessions: *Monday* https://datatracker.ietf.org/meeting/101/materials/agenda-101-oauth-sessa *Wednesday* *https://datatracker.ietf.org/meeting/101/materials/agenda-101-oauth-sessb *

[OAUTH-WG] IETF101 Agenda

Hi, Here is the updated agenda for our two sessions: https://datatracker.ietf.org/meeting/101/materials/agenda-101-oauth-sessa Please, take a look and let us know if you have any comments. Regards, Rifaat & Hannes. ___ OAuth mailing list

Re: [OAUTH-WG] Call for agenda items

day, March 07, 2018 1:31 AM > *To:* Rifaat Shekh-Yusef <rifaat.i...@gmail.com> > *Cc:* oauth <oauth@ietf.org> > *Subject:* Re: [OAUTH-WG] Call for agenda items > > > > I hadn't previously been planning on it but am happy to do so. > > > > On Tue, Mar 6,

Re: [OAUTH-WG] Call for agenda items

Nat, During the interim meeting, 3 drafts mentioned in the context of *Distributed OAuth*: https://tools.ietf.org/html/draft-sakimura-oauth-meta-08 https://tools.ietf.org/html/draft-campbell-oauth-resource-indicators-02 https://tools.ietf.org/html/draft-tschofenig-oauth-audience-00 *Brian,

[OAUTH-WG] IETF101 OAuth Meeting Minutes

Hi, Here are the meeting minutes from the last IETF101 meeting in London: https://datatracker.ietf.org/meeting/101/materials/minutes-101-oauth-03 Please, let us know if you have any comments. Thanks to *Tony *& *Phil *for taking notes. Regards, Rifaat & Hannes

Re: [OAUTH-WG] Conflict review for draft-young-entity-category-07.txt

Adding the OAuth mailing list. Regards, Rifaat On Thursday, April 5, 2018, Eric Rescorla wrote: > Hi folks, > > I have been asked to shepherd the 5742 conflict review for this > document. I believe that the right answer here is: > > The IESG has concluded that there is

[OAUTH-WG] Call for Adoption: OAuth 2.0 Incremental Authorization

All, We would like to get a confirmation on the mailing list for the adoption of the *OAuth 2.0 Incremental Authorization* as a WG document https://datatracker.ietf.org/doc/draft-wdenniss-oauth-incremental-auth/ Please, let us know if you support or object to the adoption of this document.

[OAUTH-WG] WGLC on draft-ietf-oauth-mtls-07

All, As discussed during the meeting today, we are starting a WGLC on the MTLS document: *https://tools.ietf.org/html/draft-ietf-oauth-mtls-07 * Please, review the document and provide feedback on any issues you see with the document. The

[OAUTH-WG] IETF103 OAuth Final Agenda

All, Here is our final agenda for Bangkok: https://datatracker.ietf.org/meeting/103/materials/agenda-103-oauth-02 9:00-11:00 Tuesday Morning session I Chairs Update 10min Torsten Lodderstedt - draft-ietf-oauth-security-topics 30min -

Re: [OAUTH-WG] IETF103 OAuth Final Agenda

-exchange 5min Dick Hardt - draft-ietf-oauth-reciprocal 10min - draft-hardt-oauth-distributed 10min Regards, Rifaat & Hannes On Fri, Oct 12, 2018 at 1:25 PM Rifaat Shekh-Yusef wrote: > All, > > Here is our final agend

[OAUTH-WG] Publication has been requested for draft-ietf-oauth-jwt-bcp-03

Rifaat Shekh-Yusef has requested publication of draft-ietf-oauth-jwt-bcp-03 as Best Current Practice on behalf of the OAUTH working group. Please verify the document's state at https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-bcp/ ___ OAuth

Re: [OAUTH-WG] Meeting Invite for the OAuth WG Virtual Office Hours

Meeting is cancelled today because of the IIW this week. Regards, Rifaat & Hannes On Wed, May 16, 2018 at 1:39 PM Hannes Tschofenig wrote: > Hi all, > > > > Rifaat and I will again dial into the Webex next Monday to hear whether > someone of you has anything to discuss/report/suggest/…. > > >

Re: [OAUTH-WG] IETF103 OAuth Final Agenda

5min Dick Hardt - draft-ietf-oauth-reciprocal 10min - draft-hardt-oauth-distributed 10min Omer Levi Hevroni (remote) - draft-hevroni-oauth-seamless-flow 15min Regards, Rifaat & Hannes On Fri, Oct 12, 2018 at 1:25 PM Rifaat S

Re: [OAUTH-WG] Mail regarding draft-ietf-oauth-mtls

You might want to look at RFC6125 which covers this topic and provides recommendations for representing application in certificates: https://tools.ietf.org/html/rfc6125 Regards, Rifaat On Tue, Nov 6, 2018 at 3:53 PM Evan Gilman wrote: > Response(s) inline > > On Mon, Nov 5, 2018 at 11:53 PM

[OAUTH-WG] OAuth WG draft agenda for Bangkok

All, Here is our draft agenda for the Bangkok meeting: * Chairs Update * Torsten Lodderstedt - draft-ietf-oauth-security-topics - draft-ietf-oauth-jwt-introspection-response - openid-financial-api-jarm-wd * Omer Levi Hevroni (remote) - draft-hevroni-oauth-seamless-flow * Brian Campbell -

Re: [OAUTH-WG] OAuth WG meeting in Bangkok

oauth-token-exchange/ to > provide a brief update on any relevant happenings as these two make their > way through IESG processing. > > Thanks, > > > On Wed, Sep 19, 2018 at 2:51 AM Rifaat Shekh-Yusef > wrote: > >> All, >> >> So far we received requests

[OAUTH-WG] Shepherd write-up for draft-ietf-oauth-resource-indicators-01

All, The following is the first shepherd write-up for the draft-ietf-oauth-resource-indicators-01 document. https://datatracker.ietf.org/doc/draft-ietf-oauth-resource-indicators/shepherdwriteup/ Please, take a look and let me know if I missed anything. Regards, Rifaat

Re: [OAUTH-WG] Shepherd write-up for draft-ietf-oauth-resource-indicators-01

node-oidc-provider/blob/master/docs/configuration.md#featuresresourceindicators > > Sorry if my message caused confusion before. > > S pozdravem, > *Filip Skokan* > > > On Wed, 16 Jan 2019 at 22:33, Rifaat Shekh-Yusef > wrote: > >> All, >> >> The following is

Re: [OAUTH-WG] Shepherd write-up for draft-ietf-oauth-resource-indicators-01

check, prevention of token forwarding etc). > Same for Auth0, the audience parameter is a logical identifier rather than > a location. > > > > On Wed, Jan 16, 2019 at 6:32 PM Rifaat Shekh-Yusef > wrote: > >> All, >> >> The following is the first shephe

Re: [OAUTH-WG] Shepherd write-up for draft-ietf-oauth-resource-indicators-01

> >> From a security point of view once the client starts asking for logical >> resources it can be tricked into asking for the wrong one as a bad resource >> can always lie about what logical resource it is. >> >> If we were to change it, how a client

Re: [OAUTH-WG] Shepherd write-up for draft-ietf-oauth-resource-indicators-01

ps that's too much to be left as an exerciser to the reader? And > some text should be added and/or adjusted so the resource-indicators draft > would be a little more open/clear about the parameter value potentially > being more of a logical or abstract identifier and not necessarily a &

Re: [OAUTH-WG] Shepherd write-up for draft-ietf-oauth-resource-indicators-01

AM >>>> *To:* Brian Campbell >>>> *Cc:* Vittorio Bertocci ; IETF >>>> oauth WG >>>> *Subject:* Re: [OAUTH-WG] Shepherd write-up for >>>> draft-ietf-oauth-resource-indicators-01 >>>> >>>> >>>> >>>&

Re: [OAUTH-WG] Shepherd write-up for draft-ietf-oauth-resource-indicators-01

gt; Cheers, > V. > > On Mon, Jan 21, 2019 at 9:35 AM Rifaat Shekh-Yusef > wrote: > >> Brian, Vittorio, >> >> To move this discussion forward, can you guys suggest some text to make >> the logical identifier usage clearer? >> >> Regards, >> Rifaat &

Re: [OAUTH-WG] OAuth Security Topics -- Recommend authorization code instead of implicit

Hi Torsten, I am assuming that these recommendations are mainly for Public Clients, not Confidential Clients; is that correct? Regards, Rifaat On Sun, Nov 25, 2018 at 12:33 PM Torsten Lodderstedt < tors...@lodderstedt.net> wrote: > Hi all, > > I would like to state again what the proposal of

Re: [OAUTH-WG] OAuth Security Topics -- Recommend authorization code instead of implicit

I suspect. Perhaps > a errata could be looked at. > > John B. > > > On Sun, Nov 25, 2018, 4:55 PM Rifaat Shekh-Yusef wrote: > >> RFC6749, Section 3.1.2.2, implies that Implicit is not limited to public >> clients: >> >> 3.1.2.2 <

[OAUTH-WG] WGLC: draft-ietf-oauth-resource-indicators-01

All, As discussed during the meeting in Bangkok, we are starting a WGLC on the Resource Indicators document: https://tools.ietf.org/html/draft-ietf-oauth-resource-indicators-01 Please, review the document and provide feedback on any issues you see with the document. The WGLC will end on

Re: [OAUTH-WG] OAuth Security Topics -- Recommend authorization code instead of implicit

> client. There were some posts about this topic on the list recently. > > Does this answer your question? > > kind regards, > Torsten. > > > Am 25.11.2018 um 19:22 schrieb Rifaat Shekh-Yusef >: > > > > Hi Torsten, > > > > I am assuming that thes

[OAUTH-WG] Resource Indicators - IPR Disclosure

Authors, As part of the write-up for the Resource Indicators document, we need an IPR disclosure from all of you. Are you aware of any IPR related to the following Resource Indicators document? https://datatracker.ietf.org/doc/draft-ietf-oauth-resource-indicators/ Regards, Rifaat

[OAUTH-WG] Resource Indicators Implementations

All, As part of the write-up for the Resource Indicators document, we are looking for information about implementations for this document. https://datatracker.ietf.org/doc/draft-ietf-oauth-resource-indicators/ Please, let us know if you are aware of any implementation for this draft. Regards,

[OAUTH-WG] OAuth WG meeting in Bangkok

All, So far we received requests for time-slots for the following topics: - draft-ietf-oauth-security-topics - draft-ietf-oauth-jwt-introspection-response - openid-financial-api-jarm-wd - draft-hevroni-oauth-seamless-flow The deadline for scheduling a WG meeting is this coming Friday. Any other

Re: [OAUTH-WG] Shepherd write-up for draft-ietf-oauth-resource-indicators-01

u have the meeting organizer update the > calendar entry? > > > > Thanks, > > -- Mike > > > > *From:* Rifaat Shekh-Yusef > *Sent:* Thursday

Re: [OAUTH-WG] OAuth Digest, Vol 123, Issue 56

qu...@ietf.org >> > >> > You can reach the person managing the list at >> > oauth-ow...@ietf.org >> > >> > When replying, please edit your Subject line so it is more specific >> > than "Re: Contents of OAuth digest..." >> > >> > >> > T

Re: [OAUTH-WG] Resource Indicators - IPR Disclosure

, Rifaat On Mon, Jan 7, 2019 at 8:01 AM Brian Campbell wrote: > I am not aware of any IPR related to this document. > > On Fri, Jan 4, 2019 at 8:43 AM Rifaat Shekh-Yusef > wrote: > >> Authors, >> >> As part of the write-up for the Resource Indicators document,

[OAUTH-WG] Shepherd write-up for draft-ietf-oauth-resource-indicators-02

All, The following is the updated shepherd write-up for the draft-ietf-oauth-resource-indicators-02 document. https://datatracker.ietf.org/doc/draft-ietf-oauth-resource-indicators/shepherdwriteup/ Please, take a look and let me know if I missed anything. Regards, Rifaat

[OAUTH-WG] Publication has been requested for draft-ietf-oauth-resource-indicators-02

Rifaat Shekh-Yusef has requested publication of draft-ietf-oauth-resource-indicators-02 as Proposed Standard on behalf of the OAUTH working group. Please verify the document's state at https://datatracker.ietf.org/doc/draft-ietf-oauth-resource-indicators

Re: [OAUTH-WG] Shepherd write-up for draft-ietf-oauth-resource-indicators-02

833b704f5cc59ce48f96d >> >> >> >> On Tue, Feb 26, 2019 at 6:29 AM Rifaat Shekh-Yusef >> wrote: >> >>> All, >>> >>> The following is the updated shepherd write-up for the >>> draft-ietf-oauth-resource-indicators-02 document. &

[OAUTH-WG] OAuth WG Virtual meeting this week

All, The meeting time for this week has not changed, which means it will be one hour later for people that moved to Daylight Savings Time (1:00pm Eastern Time). Regards, Rifaat ___ OAuth mailing list OAuth@ietf.org

  1   2   3   4   5   >