Internet-Draft draft-ietf-oauth-attestation-based-client-auth-01.txt is now
available. It is a work item of the Web Authorization Protocol (OAUTH) WG of
the IETF.
Title: OAuth 2.0 Attestation-Based Client Authentication
Authors: Tobias Looker
Paul Bastian
Name:
Regarding #1:
We gathered a lot of feedback and many people agreed here (
https://github.com/vcstuff/draft-ietf-oauth-status-list/issues/74 ) that
the title seems reasonable. If people do not agree now, I'm happy to
discuss so in Prague.
Regarding #2:
I'm sorry that we forgot to publish
Hi all,
with this release of the security BCP, I have started to implement
Hannes' feedback from the shepherd's writeup, updated some references,
and made some other editorial changes.
There are no normative changes in this version.
-Daniel
Am 23.10.23 um 18:55 schrieb
Internet-Draft draft-ietf-oauth-sd-jwt-vc-01.txt is now available. It is a
work item of the Web Authorization Protocol (OAUTH) WG of the IETF.
Title: SD-JWT-based Verifiable Credentials (SD-JWT VC)
Authors: Oliver Terbu
Daniel Fett
Name:draft-ietf-oauth-sd-jwt-vc-01.txt
Internet-Draft draft-ietf-oauth-security-topics-24.txt is now available. It is
a work item of the Web Authorization Protocol (OAUTH) WG of the IETF.
Title: OAuth 2.0 Security Best Current Practice
Authors: Torsten Lodderstedt
John Bradley
Andrey Labunets
Hi all,
we've updated the Identity Chaining draft with some editorial changes &
reference fixes.
Please find updated version here:
draft-schwenkschuster-oauth-identity-chaining-00 - Identity Chaining across
Trust Domains
inline:
On Mon, Oct 23, 2023 at 11:04 AM Kristina Yasuda wrote:
> > I find the new name "OAuth Status List" confusing. While I understand
> wanting to remove "JWT" and "CWT" from the name, I was not aware of that
> discussion during the call for adoption. I would suggest renaming this to
>
Hi all,
this release of SD-JWT includes one important normative change, which is
a hash in the key binding JWT to ensure the integrity of presentations.
The second biggest change is that we restructured some sections of the
document to make it more readable.
As always, we're looking forward
After a lot of discussion on the mailing list over the last few months, and
after some excellent discussions at the OAuth Security Workshop, we've been
working on revising the draft to provide clearer guidance and clearer
discussion of the threats and consequences of the various architectural
Internet-Draft draft-ietf-oauth-selective-disclosure-jwt-06.txt is now
available. It is a work item of the Web Authorization Protocol (OAUTH) WG of
the IETF.
Title: Selective Disclosure for JWTs (SD-JWT)
Authors: Daniel Fett
Kristina Yasuda
Brian Campbell
Name:
> I find the new name "OAuth Status List" confusing. While I understand wanting
> to remove "JWT" and "CWT" from the name, I was not aware of that discussion
> during the call for adoption. I would suggest renaming this to "OAuth Token
> Status List" instead.
I would suggest removing “OAuth”
Internet-Draft draft-ietf-oauth-browser-based-apps-15.txt is now available. It
is a work item of the Web Authorization Protocol (OAUTH) WG of the IETF.
Title: OAuth 2.0 for Browser-Based Apps
Authors: Aaron Parecki
David Waite
Philippe De Ryck
Name:
To Aaron’s naming points, I would be fine changing the title in the draft from
“OAuth Status List” to “OAuth Token Status List”, if there’s working group
consensus to do so. We could have that discussion in Prague.
The name change was motivated by feedback from multiple sources that the old
>
> I also noticed you didn't mark it as replacing the individual draft in
> datatracker. You can email supp...@ietf.org and request that they mark it
> as replacing
> https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/ so
> that the history tracks better.
>
I fixed that.
Hi Aaron,
Tobias, Paul, Christian,
I just noticed the new working group adopted version of this draft:
https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/
I posted this comment on Github, but I'll repeat it here for others. I
find the new name "OAuth Status List" confusing.
Tobias, Paul, Christian,
I just noticed the new working group adopted version of this draft:
https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/
I posted this comment on Github, but I'll repeat it here for others. I find
the new name "OAuth Status List" confusing. While I understand
Internet-Draft draft-ietf-oauth-status-list-00.txt is now available. It is a
work item of the Web Authorization Protocol (OAUTH) WG of the IETF.
Title: OAuth Status List
Authors: Tobias Looker
Paul Bastian
Christian Bormann
Name:
Hi all,
We updated the cross-device security BCP based on guidance received at IETF 117
as well as input during the OAuth Security Workshop (OSW) 2023. The additions
include:
1. Introduction of normative SHOULD, RECOMMENDED and MAY when applied to
actions the Authorization Server, Resource
18 matches
Mail list logo