[OAUTH-WG] I-D Action: draft-ietf-oauth-attestation-based-client-auth-01.txt

Internet-Draft draft-ietf-oauth-attestation-based-client-auth-01.txt is now available. It is a work item of the Web Authorization Protocol (OAUTH) WG of the IETF. Title: OAuth 2.0 Attestation-Based Client Authentication Authors: Tobias Looker Paul Bastian Name:

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

Regarding #1: We gathered a lot of feedback and many people agreed here ( https://github.com/vcstuff/draft-ietf-oauth-status-list/issues/74 ) that the title seems reasonable. If people do not agree now, I'm happy to discuss so in Prague. Regarding #2: I'm sorry that we forgot to publish

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-security-topics-24.txt

Hi all, with this release of the security BCP, I have started to implement Hannes' feedback from the shepherd's writeup, updated some references, and made some other editorial changes. There are no normative changes in this version. -Daniel Am 23.10.23 um 18:55 schrieb

[OAUTH-WG] I-D Action: draft-ietf-oauth-sd-jwt-vc-01.txt

Internet-Draft draft-ietf-oauth-sd-jwt-vc-01.txt is now available. It is a work item of the Web Authorization Protocol (OAUTH) WG of the IETF. Title: SD-JWT-based Verifiable Credentials (SD-JWT VC) Authors: Oliver Terbu Daniel Fett Name:draft-ietf-oauth-sd-jwt-vc-01.txt

[OAUTH-WG] I-D Action: draft-ietf-oauth-security-topics-24.txt

Internet-Draft draft-ietf-oauth-security-topics-24.txt is now available. It is a work item of the Web Authorization Protocol (OAUTH) WG of the IETF. Title: OAuth 2.0 Security Best Current Practice Authors: Torsten Lodderstedt John Bradley Andrey Labunets

[OAUTH-WG] Updated Identity Chaining Draft

Hi all, we've updated the Identity Chaining draft with some editorial changes & reference fixes. Please find updated version here: draft-schwenkschuster-oauth-identity-chaining-00 - Identity Chaining across Trust Domains

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

inline: On Mon, Oct 23, 2023 at 11:04 AM Kristina Yasuda wrote: > > I find the new name "OAuth Status List" confusing. While I understand > wanting to remove "JWT" and "CWT" from the name, I was not aware of that > discussion during the call for adoption. I would suggest renaming this to >

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-selective-disclosure-jwt-06.txt

Hi all, this release of SD-JWT includes one important normative change, which is a hash in the key binding JWT to ensure the integrity of presentations. The second biggest change is that we restructured some sections of the document to make it more readable. As always, we're looking forward

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-browser-based-apps-15.txt

After a lot of discussion on the mailing list over the last few months, and after some excellent discussions at the OAuth Security Workshop, we've been working on revising the draft to provide clearer guidance and clearer discussion of the threats and consequences of the various architectural

[OAUTH-WG] I-D Action: draft-ietf-oauth-selective-disclosure-jwt-06.txt

Internet-Draft draft-ietf-oauth-selective-disclosure-jwt-06.txt is now available. It is a work item of the Web Authorization Protocol (OAUTH) WG of the IETF. Title: Selective Disclosure for JWTs (SD-JWT) Authors: Daniel Fett Kristina Yasuda Brian Campbell Name:

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

> I find the new name "OAuth Status List" confusing. While I understand wanting > to remove "JWT" and "CWT" from the name, I was not aware of that discussion > during the call for adoption. I would suggest renaming this to "OAuth Token > Status List" instead. I would suggest removing “OAuth”

[OAUTH-WG] I-D Action: draft-ietf-oauth-browser-based-apps-15.txt

Internet-Draft draft-ietf-oauth-browser-based-apps-15.txt is now available. It is a work item of the Web Authorization Protocol (OAUTH) WG of the IETF. Title: OAuth 2.0 for Browser-Based Apps Authors: Aaron Parecki David Waite Philippe De Ryck Name:

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

To Aaron’s naming points, I would be fine changing the title in the draft from “OAuth Status List” to “OAuth Token Status List”, if there’s working group consensus to do so. We could have that discussion in Prague. The name change was motivated by feedback from multiple sources that the old

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

> > I also noticed you didn't mark it as replacing the individual draft in > datatracker. You can email supp...@ietf.org and request that they mark it > as replacing > https://datatracker.ietf.org/doc/draft-looker-oauth-jwt-cwt-status-list/ so > that the history tracks better. > I fixed that.

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

Hi  Aaron, Tobias, Paul, Christian, I just noticed the new working group adopted version of this draft: https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/ I posted this comment on Github, but I'll repeat it here for others. I find the new name "OAuth Status List" confusing.

Re: [OAUTH-WG] Call for adoption - JWT and CWT Status List

Tobias, Paul, Christian, I just noticed the new working group adopted version of this draft: https://datatracker.ietf.org/doc/draft-ietf-oauth-status-list/ I posted this comment on Github, but I'll repeat it here for others. I find the new name "OAuth Status List" confusing. While I understand

[OAUTH-WG] I-D Action: draft-ietf-oauth-status-list-00.txt

Internet-Draft draft-ietf-oauth-status-list-00.txt is now available. It is a work item of the Web Authorization Protocol (OAUTH) WG of the IETF. Title: OAuth Status List Authors: Tobias Looker Paul Bastian Christian Bormann Name:

Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-cross-device-security-04.txt

Hi all, We updated the cross-device security BCP based on guidance received at IETF 117 as well as input during the OAuth Security Workshop (OSW) 2023. The additions include: 1. Introduction of normative SHOULD, RECOMMENDED and MAY when applied to actions the Authorization Server, Resource