[OAUTH-WG] Re: New draft: OAuth Profile for Open Public Clients

2024-05-17 Thread Kai Lehmann
What an awesome coincidence. We at GMX and WEB.DE are currently working on OAuth support for our mail servers as well and already see the issue in getting the clients to properly configure and connect with mail servers via OAuth. We will definitely look into the proposal and are happy to give

Re: [OAUTH-WG] [External Sender] Re: Transaction Tokens issuance in the absence of incoming token

2024-05-06 Thread Kai Lehmann
. My suggestion to make signing of the subject_token optional still stands :-) Kai From: George Fletcher Date: Friday, 3. May 2024 at 18:15 To: Kai Lehmann Cc: Kai Lehmann , oauth Subject: Re: [OAUTH-WG] [External Sender] Re: Transaction Tokens issuance in the absence of incoming token Hi Kai

Re: [OAUTH-WG] [External Sender] Re: Transaction Tokens issuance in the absence of incoming token

2024-04-23 Thread Kai Lehmann
token has definitely some benefits as the format/content can be specified, but I don’t see how signing the JWT would make the trust by the TTS towards the client unnecessary. Best regards, Kai From: OAuth on behalf of George Fletcher Date: Monday, 22. April 2024 at 17:50 To: Kai Lehmann Cc

Re: [OAUTH-WG] [External Sender] Re: Transaction Tokens issuance in the absence of incoming token

2024-04-16 Thread Kai Lehmann
processes). As this discussion is more or less already concluded, I hope that the spec can at least allow alternatives. BR, Kai From: George Fletcher Date: Friday, 12. April 2024 at 19:53 To: Atul Tulshibagwale Cc: Brian Campbell , Kai Lehmann , Dmitry Telegin , oauth Subject: Re: [External

Re: [OAUTH-WG] Transaction Tokens issuance in the absence of incoming token

2024-04-05 Thread Kai Lehmann
Hi, that is my thought as well. It does not necessarily have to be a Token Exchange profile, but the Token endpoint makes sense as Tokens are issued. Defining a specific Token grant with the necessary input parameters would fit nicely. Best regards, Kai From: OAuth on behalf of Dmitry Telegin

Re: [OAUTH-WG] Evaluation of Scope Management in Refresh Token Behavior

2024-02-21 Thread Kai Lehmann
Hi Sachin, you can find this information in section 6: https://www.rfc-editor.org/rfc/rfc6749#section-6 “If a new refresh token is issued, the refresh token scope MUST be identical to that of the refresh token included by the client in the request.” Best regards, Kai From: OAuth on

Re: [OAUTH-WG] OAuth browser based apps with first-party same-domain apps

2024-02-19 Thread Kai Lehmann
. February 2024 at 01:13 To: OAuth WG , Kai Lehmann Subject: Re: [OAUTH-WG] OAuth browser based apps with first-party same-domain apps Hi Kai, This sounds similar to an approach described in this draft, although never actually implemented as far as I know: https://www.ietf.org/archive/id/draft

Re: [OAUTH-WG] OAuth browser based apps with first-party same-domain apps

2023-11-06 Thread Kai Lehmann
From: Kai Lehmann Date: Monday, 6. November 2023 at 07:48 To: "oauth@ietf.org" Subject: OAuth browser based apps with first-party same-domain apps Hi, I’ve been reading through the recent update of the draft for using OAuth in browser based apps and highly appreciate the exce

[OAUTH-WG] sub_id in draft for Transaction tokens

2023-10-26 Thread Kai Lehmann
Hi all, I very much like the draft. We have a similar token mechanism implemented for our service infrastructure. I am not quite sure about the reasoning behind using “sub_id” for the subject identifier instead of using “sub” as used across OAuth technology. The referenced draft for

Re: [OAUTH-WG] RFC 9396 - RAR doubt about examples

2023-06-12 Thread Kai Lehmann
From: "Oliva Fernandez, Jorge" Date: Monday, 12. June 2023 at 11:21 To: Kai Lehmann , "Oliva Fernandez, Jorge" , "oauth@ietf.org" Subject: Re: Re: [OAUTH-WG] RFC 9396 - RAR doubt about examples Hi Kai, and thanks for your response, The thing is that in section 9

Re: [OAUTH-WG] RFC 9396 - RAR doubt about examples

2023-06-12 Thread Kai Lehmann
Hi Oliva, I don’t see inconsistencies. As far as I understand it, the debtorAccount is information about the authenticated user account. This is information which the RS may need in order to know where the money needs to be transferred FROM. This is nothing which the End-User can change as the

Re: [OAUTH-WG] A proposal for a new Internet Draft

2023-04-03 Thread Kai Lehmann
or OpenFGA). RAR (https://www.ietf.org/archive/id/draft-ietf-oauth-rar-18.html) looks promising here. Kai Lehmann 1&1 Mail & Media Development & Technology GmbH From: OAuth on behalf of Warren Parad Date: Monday, 3. April 2023 at 00:00 To: Clinton Bunch Cc: "oauth@ietf.org"

Re: [OAUTH-WG] Privacy considerations regarding RAR and authorization_details in AT JWT

2023-01-13 Thread Kai Lehmann
sensitive information, and are discussing whether we should encrypt the jwt, or only encrypt the authorization_details structure using JWE. S On Thu, 12 Jan 2023 at 16:44, Kai Lehmann mailto:401und1...@dmarc.ietf.org>> wrote: Hi Justin (and Brian), (I somehow only received the reply from Brian

Re: [OAUTH-WG] [SENDER VERFICATION FAILED] Re: Privacy considerations regarding RAR and authorization_details in AT JWT

2023-01-12 Thread Kai Lehmann
referencing in the RAR spec. Thanks, Kai From: Brian Campbell Date: Wednesday, 21. December 2022 at 16:08 To: Justin Richer Cc: Kai Lehmann , "oauth@ietf.org" Subject: [SENDER VERFICATION FAILED] Re: [OAUTH-WG] Privacy considerations regarding RAR and authorization_details in AT JWT I'l

[OAUTH-WG] Privacy considerations regarding RAR and authorization_details in AT JWT

2022-12-19 Thread Kai Lehmann
Hi, In the privacy considerations section of the RAR specification (https://www.ietf.org/archive/id/draft-ietf-oauth-rar-21.html#name-privacy-considerationsit) it is stated: “The AS needs to take into consideration the privacy implications when sharing authorization_details with the client or

Re: [OAUTH-WG] Tuesday side meeting agenda

2022-11-15 Thread Kai Lehmann
Hi Rifaat, the ones regarding the Fine Grained Authorization discussion. Regards, Kai From: Rifaat Shekh-Yusef Date: Tuesday, 15. November 2022 at 20:45 To: Kai Lehmann Cc: oauth Subject: Re: [OAUTH-WG] Tuesday side meeting agenda Hi Kai, Unfortunately, we did not take notes

Re: [OAUTH-WG] Tuesday side meeting agenda

2022-11-15 Thread Kai Lehmann
Hi Rifaat, are the slides/meeting notes available for the side meetings somewhere? There have been some slides shown and discussed during the side-meeting on Thursday and I would like to revisit them. If there are slides/notes available, it might be a good idea to reference them here: