Btw, the HTTP signature mechanism now also got published as http://tools.ietf.org/html/draft-richer-oauth-signed-http-request-01
I think we now have a pretty good collection of documents to look at. Ciao Hannes On 04/24/2014 06:40 PM, Hannes Tschofenig wrote: > Hi Lewis, > > good that you ask. > > In the London IETF meeting we have proposed a plan on how to proceed > with the proof-of-possession (PoP) work. > > John had already explained that the main document is > draft-hunt-oauth-pop-architecture-00. It pains the big picture and > points to the relevant documents, in particular to > a) draft-bradley-oauth-pop-key-distribution > b) draft-jones-oauth-proof-of-possession > c) a not-yet-published HTTP signature mechanism. > > (a) explains how the client obtains keys from the authorization server. > (b) describes a mechanism for binding a key to the access token. > (c) illustrates the procedure for the client to interact with the > resource server (based on the PoP mechanism). > > These documents replace prior work on draft-ietf-oauth-v2-http-mac-05 > and draft-tschofenig-oauth-hotk-03. > > We are getting closer to have all relevant parts published. > > Ciao > Hannes > > On 04/24/2014 05:14 PM, Lewis Adam-CAL022 wrote: >> Hi, >> >> >> >> Lots of crypto drafts on OAuth popping up that I need to come up to >> speed on. >> >> draft-bradley-oauth-pop-key-distribution-00 >> <http://datatracker.ietf.org/doc/draft-bradley-oauth-pop-key-distribution/> >> >> draft-hunt-oauth-pop-architecture-00 >> <http://datatracker.ietf.org/doc/draft-hunt-oauth-pop-architecture/> >> >> draft-jones-oauth-proof-of-possession-00 >> <http://datatracker.ietf.org/doc/draft-jones-oauth-proof-of-possession/> >> >> draft-sakimura-oauth-rjwtprof-01 >> <http://datatracker.ietf.org/doc/draft-sakimura-oauth-rjwtprof/> >> >> draft-sakimura-oauth-tcse-03 >> <http://datatracker.ietf.org/doc/draft-sakimura-oauth-tcse/> >> >> draft-tschofenig-oauth-hotk-03 >> <http://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk/> >> >> >> >> Glad to see all the work, but is there a preferred reading order here? >> Which ones build on each other vs. which ones are out there on their own? >> >> >> >> >> >> -adam >> >> >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth >> > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
