Hi all,

after several discussions we believe that we now have a proposal for moving forward on this topic. We plan to update the expired draft <draft-ietf-oauth-pop-key-distribution-03> and

(1) remove the audience parameter and replace it with a separately-specified resource parameter,
(2) remove the alg parameter,
(3) update the procedures for requesting and obtaining keying material,
(4) synchronize with the ACE and WebRTC work to make sure that their use cases are appropriately covered.

Regarding (1): The meeting participants have decided to standardize an audience-alike parameter (in the form of a requested resource identifier) at this week's IETF OAuth meeting. For that purpose, working group adoption of draft-campbell-oauth-resource-indicators is under way. Only a reference to that document will be needed.

Regarding (2): Removal of the alg parameter will simplify the document and does not appear to be necessary for the currently investigated use cases. This assumption will have to be verified.

Regarding (3): Currently, the ACE-OAuth document and the <draft-ietf-oauth-pop-key-distribution-03> use different parameter names. Furthermore, those parameter names may be in conflict with other, already standardized parameter names. Hence, some parameters may need to be renamed. The plan is to focus on the following, minimal functionality only: server-side symmetric key generation and client-side public key registration to the AS. Furthermore, the encoding of the key transport will have to take the different token formats and protocols into account.

This approach will allow the ACE and WebRTC work to reference the generic PoP key distribution document without having to specify their own duplicate functionality.

We are planning to update <draft-ietf-oauth-pop-key-distribution-03> next week to have something to review.

Ciao
Hannes & Rifaat