Re: [OAUTH-WG] Scoring OAuth authorization servers on best practices

2023-04-06 Thread Joseph Heenan
Hi It’s not exactly what you asked for, but https://oauch.io/ was aiming to do this - although the online site currently seems to give a 500 error after logging in for me. I’m sure the team behind it were planning to publish the results of the tool, but I can’t remember if they did yet.

Re: [OAUTH-WG] Scoring OAuth authorization servers on best practices

2023-04-06 Thread Amir Sharif
Hi, As Joseph already mentioned oauch tool aims to do that and their results have been published in a paper available here . In addition to OAuch, another example of a tool that can be used for the same purpose is Micro-ID-Gym (MIG) that you

[OAUTH-WG] [IANA #1270467] expert review for draft-ietf-oauth-dpop (oauth-parameters)

2023-04-06 Thread David Dong via RT
Dear Hannes, As the designated expert for the OAuth Access Token Types, OAuth Extensions Error and OAuth Parameters registries, can you review the proposed registration in draft-ietf-oauth-dpop for us? Please see: https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/ The due date is

Re: [OAUTH-WG] [IANA #1270471] expert review for draft-ietf-oauth-dpop (jwt)

2023-04-06 Thread Brian Campbell
Thanks David, I approve the JWT claims registrations. On Thu, Apr 6, 2023 at 9:39 AM David Dong via RT < drafts-expert-review-comm...@iana.org> wrote: > Dear John, Brian, Michael and Chuck (cc: oauth WG), > > As the designated experts for the JSON Web Token Claims registry, can you > review the

[OAUTH-WG] [IANA #1270470] expert review for draft-ietf-oauth-dpop (jwt)

2023-04-06 Thread David Dong via RT
Dear John and Hannes (cc: oauth WG), As the designated experts for the JWT Confirmation Methods registry, can you review the proposed registration in draft-ietf-oauth-dpop for us? Please see: https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/ The due date is Wednesday April 12th, 2023.

[OAUTH-WG] [IANA #1270471] expert review for draft-ietf-oauth-dpop (jwt)

2023-04-06 Thread David Dong via RT
Dear John, Brian, Michael and Chuck (cc: oauth WG), As the designated experts for the JSON Web Token Claims registry, can you review the proposed registration in draft-ietf-oauth-dpop for us? Please see: https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/ The due date is Wednesday April

Re: [OAUTH-WG] [IANA #1270471] expert review for draft-ietf-oauth-dpop (jwt)

2023-04-06 Thread Mike Jones
I likewise approve. -- Mike From: Brian Campbell Sent: Thursday, April 6, 2023 9:50 AM To: drafts-expert-review-comm...@iana.org Cc: ve7...@ve7jtb.com; Mike Jones ; charliemortim...@gmail.com; jwt-reg-rev...@ietf.org;

[OAUTH-WG] [IANA #1270468] expert review for draft-ietf-oauth-dpop (oauth-parameters)

2023-04-06 Thread David Dong via RT
Dear Justin (cc: oauth WG), As the designated expert for the OAuth Dynamic Client Registration Metadata registry, can you review the proposed registration in draft-ietf-oauth-dpop for us? Please see: https://datatracker.ietf.org/doc/draft-ietf-oauth-dpop/ The due date is Wednesday April 12th,

[OAUTH-WG] Scoring OAuth authorization servers on best practices

2023-04-06 Thread M Hickford
Has anyone tried scoring how well public OAuth authorization servers follow tbe best practices described in https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics ? I scored some software forges including GitHub, GitLab, BitBucket on a subset of best practices