[OAUTH-WG] Canceled Webex meeting: OAuth WG Virtual Office Hours

;CN="oauth@ietf.org";ROLE=REQ-PARTICIPANT;RSVP=TRUE:MAILTO:oauth@ietf.org ORGANIZER;CN="Rifaat Shekh-Yusef":MAILTO:oauth-cha...@ietf.org DTSTART;TZID=America/New_York:20240814T12 DTEND;TZID=America/New_York:20240814T123000 LOCATION:https://ietf.webex.com/ietf TRANSP:OPAQUE

[OAUTH-WG] Canceled Webex meeting: OAuth WG Virtual Office Hours

;CN="oauth@ietf.org";ROLE=REQ-PARTICIPANT;RSVP=TRUE:MAILTO:oauth@ietf.org ORGANIZER;CN="Rifaat Shekh-Yusef":MAILTO:oauth-cha...@ietf.org DTSTART;TZID=America/New_York:20240828T12 DTEND;TZID=America/New_York:20240828T123000 LOCATION:https://ietf.webex.com/ietf TRANSP:OPAQUE

[OAUTH-WG] WGLC for SD-JWT

All, As per the discussion in Vancouver, this is a WG Last Call for the *SD-JWT * document. https://www.ietf.org/archive/id/draft-ietf-oauth-selective-disclosure-jwt-11.html Please, review this document and reply on the mailing list if you have any comments or concerns, by *Sep 17th*. Regards,

[OAUTH-WG] Call for adoption - First Party Apps

All, As per the discussion in Vancouver, this is a call for adoption for the First Party Apps draft: https://datatracker.ietf.org/doc/draft-parecki-oauth-first-party-apps/ Please, reply on the mailing list and let us know if you are in favor or against adopting this draft as WG document, by *Sep

[OAUTH-WG] Call for adoption - PIKA

All, As per the discussion in Vancouver, this is a call for adoption for the *Proof of Issuer Key Authority (PIKA) *draft: https://datatracker.ietf.org/doc/draft-barnes-oauth-pika/ Please, reply on the mailing list and let us know if you are in favor or against adopting this draft as WG document,

[OAUTH-WG] Resource Indicators Implementations

All, As part of the write-up for the Resource Indicators document, we are looking for information about implementations for this document. https://datatracker.ietf.org/doc/draft-ietf-oauth-resource-indicators/ Please, let us know if you are aware of any implementation for this draft. Regards, R

[OAUTH-WG] Resource Indicators - IPR Disclosure

Authors, As part of the write-up for the Resource Indicators document, we need an IPR disclosure from all of you. Are you aware of any IPR related to the following Resource Indicators document? https://datatracker.ietf.org/doc/draft-ietf-oauth-resource-indicators/ Regards, Rifaat __

[OAUTH-WG] Shepherd write-up for draft-ietf-oauth-resource-indicators-01

All, The following is the first shepherd write-up for the draft-ietf-oauth-resource-indicators-01 document. https://datatracker.ietf.org/doc/draft-ietf-oauth-resource-indicators/shepherdwriteup/ Please, take a look and let me know if I missed anything. Regards, Rifaat __

Re: [OAUTH-WG] Shepherd write-up for draft-ietf-oauth-resource-indicators-01

node-oidc-provider/blob/master/docs/configuration.md#featuresresourceindicators > > Sorry if my message caused confusion before. > > S pozdravem, > *Filip Skokan* > > > On Wed, 16 Jan 2019 at 22:33, Rifaat Shekh-Yusef > wrote: > >> All, >> >> The following is

Re: [OAUTH-WG] Shepherd write-up for draft-ietf-oauth-resource-indicators-01

ownership check, prevention of token forwarding etc). > Same for Auth0, the audience parameter is a logical identifier rather than > a location. > > > > On Wed, Jan 16, 2019 at 6:32 PM Rifaat Shekh-Yusef > wrote: > >> All, >> >> The following is the fi

Re: [OAUTH-WG] Shepherd write-up for draft-ietf-oauth-resource-indicators-01

e AT. >> >> From a security point of view once the client starts asking for logical >> resources it can be tricked into asking for the wrong one as a bad resource >> can always lie about what logical resource it is. >> >> If we were to change it, how

Re: [OAUTH-WG] Shepherd write-up for draft-ietf-oauth-resource-indicators-01

e the draft is okay as is? > > Or perhaps that's too much to be left as an exerciser to the reader? And > some text should be added and/or adjusted so the resource-indicators draft > would be a little more open/clear about the parameter value potentially > being more of a logi

Re: [OAUTH-WG] Shepherd write-up for draft-ietf-oauth-resource-indicators-01

f * John Bradley >>>> *Sent:* Saturday, January 19, 2019 9:01 AM >>>> *To:* Brian Campbell >>>> *Cc:* Vittorio Bertocci ; IETF >>>> oauth WG >>>> *Subject:* Re: [OAUTH-WG] Shepherd write-up for >>>> draft-ietf-oauth-resourc

Re: [OAUTH-WG] Shepherd write-up for draft-ietf-oauth-resource-indicators-01

rs, > V. > > On Mon, Jan 21, 2019 at 9:35 AM Rifaat Shekh-Yusef > wrote: > >> Brian, Vittorio, >> >> To move this discussion forward, can you guys suggest some text to make >> the logical identifier usage clearer? >> >> Regards, >> Rifaat &

Re: [OAUTH-WG] Shepherd write-up for draft-ietf-oauth-resource-indicators-01

u have the meeting organizer update the > calendar entry? > > > > Thanks, > > -- Mike > > > > *From:* Rifaat Shekh-Yusef > *Sent:* Thursday

Re: [OAUTH-WG] OAuth Digest, Vol 123, Issue 56

gt; > oauth-requ...@ietf.org >> > >> > You can reach the person managing the list at >> > oauth-ow...@ietf.org >> > >> > When replying, please edit your Subject line so it is more specific >> > than "Re: Contents of OAuth digest..." >> > >

Re: [OAUTH-WG] Fixed "OAuth WG Virtual Office Hours" Conference Bridge

All, Unfortunately, Hannes and I cannot attend this meeting today, so we are canceling the meeting for this week. Regards, Rifaat On Wed, Jan 16, 2019 at 10:19 AM Hannes Tschofenig < hannes.tschofe...@arm.com> wrote: > Rifaat noticed that the distributed Outlook calendar invite was incorrect.

Re: [OAUTH-WG] Resource Indicators - IPR Disclosure

, Rifaat On Mon, Jan 7, 2019 at 8:01 AM Brian Campbell wrote: > I am not aware of any IPR related to this document. > > On Fri, Jan 4, 2019 at 8:43 AM Rifaat Shekh-Yusef > wrote: > >> Authors, >> >> As part of the write-up for the Resource Indicators document,

[OAUTH-WG] Shepherd write-up for draft-ietf-oauth-resource-indicators-02

All, The following is the updated shepherd write-up for the draft-ietf-oauth-resource-indicators-02 document. https://datatracker.ietf.org/doc/draft-ietf-oauth-resource-indicators/shepherdwriteup/ Please, take a look and let me know if I missed anything. Regards, Rifaat

Re: [OAUTH-WG] Shepherd write-up for draft-ietf-oauth-resource-indicators-02

833b704f5cc59ce48f96d >> >> >> >> On Tue, Feb 26, 2019 at 6:29 AM Rifaat Shekh-Yusef >> wrote: >> >>> All, >>> >>> The following is the updated shepherd write-up for the >>> draft-ietf-oauth-resource-indicators-02 document. &

[OAUTH-WG] Publication has been requested for draft-ietf-oauth-resource-indicators-02

Rifaat Shekh-Yusef has requested publication of draft-ietf-oauth-resource-indicators-02 as Proposed Standard on behalf of the OAUTH working group. Please verify the document's state at https://datatracker.ietf.org/doc/draft-ietf-oauth-resource-indic

[OAUTH-WG] OAuth WG Virtual meeting this week

All, The meeting time for this week has not changed, which means it will be one hour later for people that moved to Daylight Savings Time (1:00pm Eastern Time). Regards, Rifaat ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo

[OAUTH-WG] Nested JWT draft

Hi, I have just submitted the following short draft with some *initial thoughts *on extending the Nested JWT concept defined in the RFC7519, to allow the enclosing JWT to have its own Claims Set. https://www.ietf.org/id/draft-yusef-oauth-nested-jwt-00.txt I would appreciate any reviews and commen

[OAUTH-WG] Draft Agenda for IETF104 OAuth WG meetings

All, The following links have our draft agenda for the two sessions: https://datatracker.ietf.org/meeting/104/materials/agenda-104-oauth-sessa-00 https://datatracker.ietf.org/meeting/104/materials/agenda-104-oauth-sessb-00 Please, take a look and let us know if you have any comments. Regards,

Re: [OAUTH-WG] Draft Agenda for IETF104 OAuth WG meetings

Use the following links instead: https://datatracker.ietf.org/doc/agenda-104-oauth-sessa/ https://datatracker.ietf.org/doc/agenda-104-oauth-sessb/ Regards, Rifaat On Wed, Mar 13, 2019 at 1:37 PM Rifaat Shekh-Yusef wrote: > All, > > The following links have our draft agenda fo

[OAUTH-WG] WGLC on draft-ietf-oauth-jwt-introspection-response-02

All, As discussed during the meeting in Prague, we are starting a WGLC on the *JWT Response for OAuth Token Introspection* document: https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-introspection-response/ Please, review the document and provide feedback on any issues you see with the docume

[OAUTH-WG] IETF104 OAuth WG Minutes

All, Thanks to Tony Nadalin for taking the minutes for the OAuth sessions: https://datatracker.ietf.org/meeting/104/materials/minutes-104-oauth-00 Please, take a look and let us know if you have any comments. Regards, Rifaat & Hannes ___ OAuth mailin

Re: [OAUTH-WG] Call for adoption: JWT Usage in OAuth2 Access Tokens

Thanks you all for your comments. Based on this feedback, we think that there is good support for this to become a WG document. *Vittorio*, Please, go ahead and submit a new WG draft. Regards, Rifaat & Hannes On Tue, Apr 16, 2019 at 4:13 AM Schanzenbach, Martin < martin.schanzenb...@aisec.

Re: [OAUTH-WG] WGLC on draft-ietf-oauth-jwt-introspection-response-02

All, We have not received any comment during this WGLC, so we assume that WG agrees with moving this forward. Regards, Rifaat On Mon, Apr 8, 2019 at 2:05 PM Rifaat Shekh-Yusef wrote: > All, > > As discussed during the meeting in Prague, we are starting a WGLC on the *JWT > Respon

[OAUTH-WG] JWT Response for OAuth Token Introspection implementations

All, As part of the shepherd write-up for the *JWT Response for OAuth Token Introspection* draft, we are looking for information about implementations for this document: https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-introspection-response/ Are you aware of any implementations? Regards,

Re: [OAUTH-WG] JWT Response for OAuth Token Introspection implementations

t; > Best, > Filip > > Odesláno z iPhonu > > 2. 5. 2019 v 22:46, Rifaat Shekh-Yusef : > > All, > > As part of the shepherd write-up for the *JWT Response for OAuth Token > Introspection* draft, we are looking for information about > implementations for this doc

Re: [OAUTH-WG] JWT Response for OAuth Token Introspection implementations

Thanks Vladimir! On Mon, May 6, 2019 at 2:40 PM Vladimir Dzhuvinov wrote: > Hi Rifaat, > > On 02/05/2019 23:46, Rifaat Shekh-Yusef wrote: > > All, > > > > As part of the shepherd write-up for the *JWT Response for OAuth Token > > Introspection* draft, we

Re: [OAUTH-WG] JWT Response for OAuth Token Introspection implementations

lter > We might move that to a different service within the platform at a later > stage. > > HTH > > Steffo > > > On 2. May 2019, at 22:46, Rifaat Shekh-Yusef > wrote: > > > > All, > > > > As part of the shepherd write-up for the JWT Response for OA

[OAUTH-WG] OAuth WG Virtual Office

All, Unfortunately Hannes and I have conflicts and will not be able to join the meeting today. Regards, Rifaat & Hannes ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth

[OAUTH-WG] OAuth WG Sessions in Montreal

All, Please, let us know if you have any topics that you would like to discuss in Montreal. Regards, Rifaat & Hannes ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth

[OAUTH-WG] JWT Response for OAuth Token Introspection - IPR Disclosure

Torsten and Vladimir, As part of the shepherd write-up for the *JWT Response for OAuth Token Introspection* document, we need an IPR disclosure from you. Are you aware of any IPRs related to this document? https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-introspection-response/ Regards, Ri

[OAUTH-WG] Shepherd write-up for draft-ietf-oauth-jwt-introspection-response-03

All, The following is the shepherd write-up for the draft-ietf-oauth-jwt-introspection-response-03 document: https://datatracker.ietf.org/doc/draft-ietf-oauth-jwt-introspection-response/shepherdwriteup/ Please, take a look and let us know if you have any comments. Regards, Rifaat __

[OAUTH-WG] Fwd: New Version Notification for draft-yusef-oauth-nested-jwt-01.txt

-oauth-nested-jwt-01.txt To: Rifaat Shekh-Yusef A new version of I-D, draft-yusef-oauth-nested-jwt-01.txt has been successfully submitted by Rifaat Shekh-Yusef and posted to the IETF repository. Name: draft-yusef-oauth-nested-jwt Revision: 01 Title: Nested JSON Web Token

[OAUTH-WG] IETF105 OAuth WG Draft Agenda

All, Here is our draft agenda for the two sessions we have planned for Montreal: https://datatracker.ietf.org/meeting/105/materials/agenda-105-oauth-00 Please, take a look and let us know if you have any comments. Regards, Rifaat & Hannes ___ OAuth ma

[OAUTH-WG] OAuth WG Presentations

Presenters, The datatracker tool now allows you to upload your slides to meeting materials page. After you login to datatracker, go to the following link, and you should see a Propose Slides button in the slides section to allow you to upload your slides. https://datatracker.ietf.org/meeting/105/s

Re: [OAUTH-WG] IETF105 OAuth WG Draft Agenda

t; overview of AWS SigV4 signing and some of the lessons that went into its > design. > > > > Thoughts? > > > > -- > > Annabelle Richard Backman > > AWS Identity > > > > > > *From: *OAuth on behalf of Dick Hardt < > dick.ha...@gma

[OAUTH-WG] IETF105 OAuth Meetings Minutes

All, Thanks to Aaron, Phil, and Tony we have the following notes for our two sessions: Tuesday session: https://datatracker.ietf.org/meeting/105/materials/minutes-105-oauth-201907231520-00 Friday session: https://datatracker.ietf.org/meeting/105/materials/minutes-105-oauth-201907261000-01 Pleas

[OAUTH-WG] Fwd: New Version Notification for draft-yusef-oauth-nested-jwt-02.txt

-yusef-oauth-nested-jwt-02.txt To: Rifaat Shekh-Yusef A new version of I-D, draft-yusef-oauth-nested-jwt-02.txt has been successfully submitted by Rifaat Shekh-Yusef and posted to the IETF repository. Name: draft-yusef-oauth-nested-jwt Revision: 02 Title: Nested JSON Web

Re: [OAUTH-WG] Help

I have unsubscribed and banned this person from the list. Regards, Rifaat On Thu, Sep 5, 2019 at 11:18 AM Vanessa Andor wrote: > >1. Re: Benjamin Kaduk's No Objection on > draft-ietf-oauth-resource-indicators-05: (with COMMENT) > (Benjamin Kaduk) >2. Re: Benjamin Kaduk's N

[OAUTH-WG] WGLC on draft-ietf-oauth-reciprocal-04

All, We are starting a WGLC on the Reciprocal OAuth document: https://datatracker.ietf.org/doc/draft-ietf-oauth-reciprocal/ Please, review the document and provide feedback on any issues you see with the document. The WGLC will end 20-September-2019. Regards, Rifaat and Hannes

[OAUTH-WG] Fwd: New Version Notification for draft-yusef-oauth-nested-jwt-03.txt

draft-yusef-oauth-nested-jwt-03.txt To: Rifaat Shekh-Yusef A new version of I-D, draft-yusef-oauth-nested-jwt-03.txt has been successfully submitted by Rifaat Shekh-Yusef and posted to the IETF repository. Name: draft-yusef-oauth-nested-jwt Revision: 03 Title: Nested JSON

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-jwt-introspection-response-08.txt

You might want to look at RFC7239, which is trying to address the issue of the loss of information by proxies. https://tools.ietf.org/html/rfc7239 The document does not have a parameter to carry the client certificate information, but it allows for new parameters to be defined. Would that help in

Re: [OAUTH-WG] client certs and TLS Terminating Reverse Proxies (was Re: I-D Action: draft-ietf-oauth-jwt-introspection-response-08.txt)

estration tools, e.g. Istio, that easily allows you to establish an MTLS channel between the reverse proxy/load balancer/API GW and the backend servers. Why is that not sufficient? Which part is cumbersome? Regards, Rifaat > > > On Fri, Oct 25, 2019 at 8:02 AM Rifaat Shekh-Yusef >

Re: [OAUTH-WG] client certs and TLS Terminating Reverse Proxies (was Re: I-D Action: draft-ietf-oauth-jwt-introspection-response-08.txt)

the client certificate information? You seem suggest that the answer is yes. If so, can you please elaborate on why is that? Regards, Rifaat On Mon, Oct 28, 2019 at 8:42 AM Brian Campbell wrote: > > > On Sat, Oct 26, 2019 at 3:55 PM Rifaat Shekh-Yusef > wrote: > >> &g

Re: [OAUTH-WG] client certs and TLS Terminating Reverse Proxies (was Re: I-D Action: draft-ietf-oauth-jwt-introspection-response-08.txt)

;t think there's anything beyond defining something to carry the > client certificate information (including the format and encoding). And it > could well be a new RFC7239 parameter. Or it might just be a new HTTP > header on its own. > > On Mon, Oct 28, 2019 at 9:05 AM Rifaat Shekh

Re: [OAUTH-WG] client certs and TLS Terminating Reverse Proxies (was Re: I-D Action: draft-ietf-oauth-jwt-introspection-response-08.txt)

On Mon, Oct 28, 2019 at 12:48 PM Salz, Rich wrote: > Sorry for jumping into this late. > > > > Client <--> proxy <--> backend > > > > The C/P side is protected by TLS. There must be similar protection on the > P/B side, such as client-cert, or a signature over the certificate being > forwarded,

Re: [OAUTH-WG] client certs and TLS Terminating Reverse Proxies (was Re: I-D Action: draft-ietf-oauth-jwt-introspection-response-08.txt)

Maybe I misunderstood what you meant by "client-cert". If you meant the proxy client certificate, then that is obviously not enough. You seem to suggest that you meant the remote client certificate to be installed on the proxy to be used with the backend system; if this is the case, then this would

Re: [OAUTH-WG] oauth - New Meeting Session Request for IETF 106

chofenig, a Chair of the oauth working group. >>>> >>>> >>>> - >>>> Working Group Name: Web Authorization Protocol >>>> Area Name:

Re: [OAUTH-WG] oauth - New Meeting Session Request for IETF 106

ore anima > > Technology Overlap: ace secevent teep suit core tokbind saag > > > > > > > > People who must be present: > > Roman Danyliw > > Hannes Tschofenig > > Rifaat Shekh-Yusef > > > > Resources Requested: > > > > Speci

Re: [OAUTH-WG] oauth - New Meeting Session Request for IETF 106

atracker.ietf.org/meeting/106/important-dates/ > > On Fri, Nov 1, 2019 at 5:37 PM Rifaat Shekh-Yusef > wrote: > > > > Hi Spencer > > > > Sure. When are yo planning on submitting the draft? > > > > Regards, > > Rifaat > > > > > >

[OAUTH-WG] OAuth WG Draft Agenda

All, The following is our draft agenda for the two sessions in Singapore: *Wednesday’s Agenda* Chairs Update (15 min) Security Topics – Torsten (15 min) Browser-based Apps – Aaron (30 min) TXAuth update – Dick/Justin (15 min) DPoP – Brian (15 min) *Thursday’s Agenda* Rich Authorization – Tors

[OAUTH-WG] OAuth WG Agenda

All, We did not receive any comments about the draft agenda. Here is the agenda for next week: https://datatracker.ietf.org/doc/agenda-106-oauth/ *Wednesday’s Agenda* Chairs Update (15 min) Security Topics – Torsten (15 min) Browser-based Apps – Aaron (30 min) TXAuth update – Dick/Justin (15 m

Re: [OAUTH-WG] OAuth WG Agenda

uncated due to time constraints and/or overrun. Can I > make a preemptive request for use of that buffer time on Thursday at the > top of that session, if needed, to finish up? > > On Mon, Nov 11, 2019 at 10:23 AM Rifaat Shekh-Yusef > wrote: > >> All, >> >> We did not rec

Re: [OAUTH-WG] OAuth WG Agenda

Authorization – Torsten (20 min) Client Intermediary Metadata – Aaron (20 min) Authorization Framework: Claims – Travis (20 min) Regards, Rifaat On Mon, Nov 11, 2019 at 12:22 PM Rifaat Shekh-Yusef wrote: > All, > > We did not receive any comments about the draft agenda. > > Her

Re: [OAUTH-WG] Recent spam

Thanks Neil, The chairs are aware of the issue, as we receive notifications to approve these messages sent by non-members. We have been receiving these emails for few weeks now, and Glen from IETF IT is also aware of the issue and he took some measures to try to address this. Glen also contacted t

Re: [OAUTH-WG] [UNVERIFIED SENDER] Re: New Version Notification for draft-fett-oauth-dpop-03.txt

On Mon, Dec 2, 2019 at 4:35 PM Richard Backman, Annabelle wrote: > > Session cookies serve the same purpose in web apps as access tokens for > APIs but there are much more web apps than APIs. I use the analogy to > illustrate that either there are security issues with cloud deployments of > web a

Re: [OAUTH-WG] [UNVERIFIED SENDER] Re: [UNVERIFIED SENDER] Re: New Version Notification for draft-fett-oauth-dpop-03.txt

the enterprise’s legitimate > traffic looks just like questionable traffic. > > > > – > > Annabelle Richard Backman > > AWS Identity > > > > > > *From: *Rifaat Shekh-Yusef > *Date: *Tuesday, December 3, 2019 at 5:21 AM > *To: *"Richard Backman, Annabe

[OAUTH-WG] Call for Adoption: OAuth 2.0 Pushed Authorization Requests

All, This is a call for adoption of for the OAuth 2.0 Pushed Authorization Requests document. https://datatracker.ietf.org/doc/draft-lodderstedt-oauth-par/ There was a good support for this document during the Singapore meeting, and on the mailing list in the Meeting Minutes thread. Please, let

Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Pushed Authorization Requests

; > - Justin > > On Dec 17, 2019, at 7:59 AM, Rifaat Shekh-Yusef > wrote: > > All, > > This is a call for adoption of for the OAuth 2.0 Pushed Authorization > Requests document. > https://datatracker.ietf.org/doc/draft-lodderstedt-oauth-par/ > > There was a go

[OAUTH-WG] Call for Adoption: OAuth 2.0 Rich Authorization Requests

All, This is a call for adoption for the *OAuth 2.0 Rich Authorization Requests* document. https://datatracker.ietf.org/doc/draft-lodderstedt-oauth-rar/ Please, let us know if you support or object to the adoption of this document as a working group document by Jan 20th. Regards, Rifaat & Hanne

[OAUTH-WG] OAuth Topics for Vancouver

All, Please, let us know if you have any topics that you would like to present and discuss in Vancouver. Regards, Rifaat & Hannes ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] Call for Adoption: OAuth 2.0 Rich Authorization Requests

All, Based on the feedback received, we believe that the WG has decided to adopt this draft as a WG document. Authors, please submit a new WG draft. Regards, Rifaat & Hannes On Mon, Jan 6, 2020 at 2:37 PM Rifaat Shekh-Yusef wrote: > All, > > This is a call for adoption for t

Re: [OAUTH-WG] OAuth Topics for Vancouver

the activities at the FAPI working group. > > -Daniel > > Am 20.01.20 um 16:32 schrieb Rifaat Shekh-Yusef: > > All, > > Please, let us know if you have any topics that you would like to present > and discuss in Vancouver. > > Regards, > Rifaat & Hanne

Re: [OAUTH-WG] OAuth 2.0 DPoP for the Implicit Flow

Mike, What was the reason for creating a separate draft for this? Why cannot this be folded into the exiting DPoP draft? Regards, Rifaat On Mon, Mar 9, 2020 at 8:12 PM Mike Jones wrote: > As I previously described , members of > the OAuth working group have

[OAUTH-WG] Fwd: IETF 107 Vancouver In-Person Meeting Cancelled

I am forwarding this to the list, just in case people do not follow the announcement and IETF lists. Regards, Rifaat -- Forwarded message - From: The IESG Date: Tue, Mar 10, 2020 at 3:11 PM Subject: IETF 107 Vancouver In-Person Meeting Cancelled To: IETF Announcement List Cc:

Re: [OAUTH-WG] OAuth Digest, Vol 137, Issue 41

> > draft-ietf-oauth-jwt-introspection-response-08: (with DISCUSS and >> > COMMENT) (Benjamin Kaduk) >> >2. Re: OAuth 2.0 Token Introspection in RFC7662 : Refresh token? >> > (David Waite) >> >3. Re: OAuth 2.0 Token Introspectio

Re: [OAUTH-WG] OAuth WG Virtual Meeting During IETF 107?

We are actually considering scheduling a *series of interim meetings *and discuss one or two subject in each one of these meetings to give each topic the time it deserves, similar to the last interim meeting we did around the PoP topic. This will allow us to choose the right time for most people, a

Re: [OAUTH-WG] OAuth WG Virtual Meeting During IETF 107?

After we send the minutes to list. We will do that soon. Regards, Rifaat On Sat, Mar 14, 2020 at 6:11 AM Torsten Lodderstedt wrote: > > > > Am 13.03.2020 um 18:53 schrieb Rifaat Shekh-Yusef >: > > > > similar to the last interim meeting we did around the PoP top

[OAUTH-WG] Call for Adoption: DPoP

All, As per the conclusion of the PoP interim meeting, this is a call for adoption for the *OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP)* document: https://datatracker.ietf.org/doc/draft-fett-oauth-dpop/ Please, let us know if you support or object to the adoptio

Re: [OAUTH-WG] Meeting Notes (9th March 2020)

The slides that Brian presented, and the minutes with a link to the recording of the meeting are now available on the following link: https://datatracker.ietf.org/meeting/interim-2020-oauth-02/session/oauth Regards, Rifaat On Tue, Mar 17, 2020 at 8:12 AM Hannes Tschofenig wrote: > Participant

Re: [OAUTH-WG] IETF 107 Virtual OAuth Sessions

Yes, these will "*official* interim meetings with all the bells and whistles" Regards, Rifaat On Fri, Mar 27, 2020 at 11:13 AM Brian Campbell wrote: > Sounds okay to me (though I'm lucky that it's convenient for my timezone). > > I assume these will be *official* interim meetings with all the

Re: [OAUTH-WG] IETF 107 Virtual OAuth Sessions

This will have no impact on the adoption of the DPoP document. Regards, Rifaat On Fri, Mar 27, 2020 at 11:22 AM Torsten Lodderstedt wrote: > Hi, > > assuming WG adoption of DPoP does not depend on the virtual interim, I’m > fine with the proposal. > > best regards, > Torsten. > > > On 26. Mar

Re: [OAUTH-WG] Call for Adoption: DPoP

mar. 2020 kl. 13:21 skrev Rifaat Shekh-Yusef < > rifaat.i...@gmail.com>: > >> All, >> >> As per the conclusion of the PoP interim meeting, this is a call for >> adoption for the *OAuth 2.0 Demonstration of Proof-of-Possession at the >> Application Layer (DPo

Re: [OAUTH-WG] Web Authorization Protocol (oauth) WG Virtual Meeting: 2020-04-06

All, You can find the slides for tomorrow's meeting at the following link: https://datatracker.ietf.org/meeting/interim-2020-oauth-03/session/oauth Regards, Rifaat On Thu, Apr 2, 2020 at 10:06 AM IESG Secretary wrote: > The Web Authorization Protocol (oauth) Working Group will hold > a virtu

[OAUTH-WG] Fwd: (Forward to others) Webex meeting invitation: OAuth WG Virtual Interim Meeting - April 13th

BEGIN:VCALENDAR PRODID:-//Microsoft Corporation//Outlook 10.0 MIMEDIR//EN VERSION:2.0 METHOD:REQUEST BEGIN:VTIMEZONE TZID:America/New_York TZURL:http://tzurl.org/zoneinfo-outlook/America/New_York X-LIC-LOCATION:America/New_York BEGIN:DAYLIGHT TZOFFSETFROM:-0500 TZOFFSETTO:-0400 TZNAME:EDT DTSTART:1

[OAUTH-WG] Fwd: (Forward to others) Webex meeting invitation: OAuth WG Virtual Interim Meeting - April 20th

BEGIN:VCALENDAR PRODID:-//Microsoft Corporation//Outlook 10.0 MIMEDIR//EN VERSION:2.0 METHOD:REQUEST BEGIN:VTIMEZONE TZID:America/New_York TZURL:http://tzurl.org/zoneinfo-outlook/America/New_York X-LIC-LOCATION:America/New_York BEGIN:DAYLIGHT TZOFFSETFROM:-0500 TZOFFSETTO:-0400 TZNAME:EDT DTSTART:1

[OAUTH-WG] Fwd: (Forward to others) Webex meeting invitation: OAuth WG Virtual Interim Meeting - April 27th

BEGIN:VCALENDAR PRODID:-//Microsoft Corporation//Outlook 10.0 MIMEDIR//EN VERSION:2.0 METHOD:REQUEST BEGIN:VTIMEZONE TZID:America/New_York TZURL:http://tzurl.org/zoneinfo-outlook/America/New_York X-LIC-LOCATION:America/New_York BEGIN:DAYLIGHT TZOFFSETFROM:-0500 TZOFFSETTO:-0400 TZNAME:EDT DTSTART:1

[OAUTH-WG] Fwd: (Forward to others) Webex meeting invitation: OAuth WG Virtual Interim Meeting - May 4th

BEGIN:VCALENDAR PRODID:-//Microsoft Corporation//Outlook 10.0 MIMEDIR//EN VERSION:2.0 METHOD:REQUEST BEGIN:VTIMEZONE TZID:America/New_York TZURL:http://tzurl.org/zoneinfo-outlook/America/New_York X-LIC-LOCATION:America/New_York BEGIN:DAYLIGHT TZOFFSETFROM:-0500 TZOFFSETTO:-0400 TZNAME:EDT DTSTART:1

[OAUTH-WG] Fwd: (Forward to others) Webex meeting invitation: OAuth WG Virtual Interim Meeting - May 11th

BEGIN:VCALENDAR PRODID:-//Microsoft Corporation//Outlook 10.0 MIMEDIR//EN VERSION:2.0 METHOD:REQUEST BEGIN:VTIMEZONE TZID:America/New_York TZURL:http://tzurl.org/zoneinfo-outlook/America/New_York X-LIC-LOCATION:America/New_York BEGIN:DAYLIGHT TZOFFSETFROM:-0500 TZOFFSETTO:-0400 TZNAME:EDT DTSTART:1

Re: [OAUTH-WG] Web Authorization Protocol (oauth) WG Virtual Meeting: 2020-04-06

You can find the minutes of the meeting on the link below: https://datatracker.ietf.org/meeting/interim-2020-oauth-03/materials/minutes-interim-2020-oauth-03-202004061800 Thanks to *Jared Jennings* for taking these notes. Regards, Rifaat On Sun, Apr 5, 2020 at 5:47 PM Rifaat Shekh-Yusef

Re: [OAUTH-WG] Web Authorization Protocol (oauth) WG Virtual Meeting: 2020-04-13

The following is a link to the coming interim meeting materials: https://datatracker.ietf.org/meeting/interim-2020-oauth-04/session/oauth It has the chairs and Nested JWT slides. Will upload the JWT Profile for AT slides as soon as I get it. Regards, Rifaat On Tue, Apr 7, 2020 at 1:52 PM IESG

Re: [OAUTH-WG] Web Authorization Protocol (oauth) WG Virtual Meeting: 2020-04-13

I have uploaded the second presentation for today's session, the JWT Profile for Access Tokens. https://datatracker.ietf.org/meeting/interim-2020-oauth-04/session/oauth Regards, Rifaat On Fri, Apr 10, 2020 at 9:35 AM Rifaat Shekh-Yusef wrote: > The following is a link to the coming

[OAUTH-WG] Second WGLC on "JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens"

Hi all, This is a second working group last call for "JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens". Here is the document: https://tools.ietf.org/html/draft-ietf-oauth-access-token-jwt-06 Please send your comments to the OAuth mailing list by April 29, 2020. Regards, Rifa

Re: [OAUTH-WG] Web Authorization Protocol (oauth) WG Virtual Meeting: 2020-04-13

All, You can find this meeting minutes at the following link: https://datatracker.ietf.org/doc/minutes-interim-2020-oauth-04-202004131200/ Thanks to *Jared Jennings *for taking these notes. Regards, Rifaat & Hannes On Tue, Apr 7, 2020 at 1:52 PM IESG Secretary wrote: > The Web Authorizati

Re: [OAUTH-WG] Web Authorization Protocol (oauth) WG Virtual Meeting: 2020-04-20 CHANGED

All, We had an issue with the time allocated for this meeting on the Webex tool, so we fixed that. As with previous two interim meetings, this one will too be at the same time, *12:00pm EST*. Regards, Rifaat & Hannes On Sun, Apr 19, 2020 at 8:31 AM IESG Secretary wrote: > MEETING DETAILS HAV

[OAUTH-WG] Fwd: Webex meeting changed: OAuth WG Virtual Interim Meeting - April 20th

-- Forwarded message - From: Web Authorization Protocol Working Group Date: Sun, Apr 19, 2020 at 8:25 AM Subject: Webex meeting changed: OAuth WG Virtual Interim Meeting - April 20th To: You changed the Webex meeting information. When it's time, start your Webex meeting here

Re: [OAUTH-WG] Webex meeting changed: OAuth WG Virtual Interim Meeting - April 20th

All, You can find this meeting material at the following link: https://datatracker.ietf.org/meeting/interim-2020-oauth-05/session/oauth Regards, Rifaat & Hannes On Sun, Apr 19, 2020 at 8:36 AM Rifaat Shekh-Yusef wrote: > > > -- Forwarded message - > From: W

[OAUTH-WG] April 20th Interim Meeting Minutes

All, You can find the minutes for this meeting on the following link: https://datatracker.ietf.org/meeting/interim-2020-oauth-05/materials/minutes-interim-2020-oauth-05-202004201200 Thanks to *Jared Jennings *for taking these notes. Regards, Rifaat & Hannes

Re: [OAUTH-WG] Second WGLC on "JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens"

.BestPractices]. > > To preventing cross-JWT confusion, authorization servers MUST use a > distinct identifier as "aud" claim value to uniquely identify access tokens > issued by the same issuer for distinct resources. > - - - - - - - - - - > > However, the attack v

[OAUTH-WG] April 27th Interim Meeting Material

The following link has the meeting material for the April 27th interim meeting: https://datatracker.ietf.org/meeting/interim-2020-oauth-06/session/oauth Will upload the OAuth 2.1 slides when I get them. Regards, Rifaat ___ OAuth mailing list OAuth@ietf

Re: [OAUTH-WG] April 27th Interim Meeting Material

faat Shekh-Yusef wrote: > The following link has the meeting material for the April 27th interim > meeting: > https://datatracker.ietf.org/meeting/interim-2020-oauth-06/session/oauth > > Will upload the OAuth 2.1 slides when I get them. >

[OAUTH-WG] May 4th Interim Meeting Material

All, Here is a link to the meeting material for tomorrow's meeting: https://datatracker.ietf.org/meeting/interim-2020-oauth-07/session/oauth Regards, Rifaat & Hannes ___ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth

Re: [OAUTH-WG] May 4th Interim Meeting Material

0 > WhatsApp: +1 816.678.4152 > > > On Sun, May 3, 2020 at 4:02 PM Rifaat Shekh-Yusef > wrote: > >> All, >> >> Here is a link to the meeting material for tomorrow's meeting: >> https://datatracker.ietf.org/meeti

[OAUTH-WG] Fwd: Reminder: Survey on planning for possible online IETF meetings

All, Please take sometime to complete the survey below to help with the planning for the coming, most likely virtual, IETF meetings. Regards, Rifaat -- Forwarded message - From: IETF Executive Director Date: Mon, May 4, 2020 at 3:04 AM Subject: Reminder: Survey on planning fo

[OAUTH-WG] A *Short* 3rd WGLC on "JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens"

Hi all, This is a 3rd working group last call for "JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens". Here is the document: https://tools.ietf.org/html/draft-ietf-oauth-access-token-jwt-07 Please send your comments to the OAuth mailing list by May 12, 2020. Regards, Rifaat &

  1   2   3   4   5   6   >