Good question. The architecture allows different mechanisms to be used for proof-of-possession between the client and the resource server. With the publication of draft-richer-oauth-signed-http-request-01 we have a version that uses a JOSE-based encoding. I have not had time to illustrate how the MAC-based version would fit in there.

On 04/25/2014 10:42 AM, Sergey Beryozkin wrote:
> Hi Hannes
>
> Is the MAC token effort you were leading still on the map?
>
> Thanks, Sergey
>
> On 24/04/14 20:42, Hannes Tschofenig wrote:
>> Btw, the HTTP signature mechanism now also got published as
>> http://tools.ietf.org/html/draft-richer-oauth-signed-http-request-01
>>
>> I think we now have a pretty good collection of documents to look at.
>>
>> Ciao
>> Hannes
>>
>> On 04/24/2014 06:40 PM, Hannes Tschofenig wrote:
>>> Hi Lewis,
>>>
>>> good that you ask.
>>>
>>> In the London IETF meeting we have proposed a plan on how to proceed
>>> with the proof-of-possession (PoP) work.
>>>
>>> John had already explained that the main document is
>>> draft-hunt-oauth-pop-architecture-00. It paints the big picture and
>>> points to the relevant documents, in particular to
>>> a) draft-bradley-oauth-pop-key-distribution
>>> b) draft-jones-oauth-proof-of-possession
>>> c) a not-yet-published HTTP signature mechanism.
>>>
>>> (a) explains how the client obtains keys from the authorization server.
>>> (b) describes a mechanism for binding a key to the access token.
>>> (c) illustrates the procedure for the client to interact with the
>>> resource server (based on the PoP mechanism).
>>>
>>> These documents replace prior work on draft-ietf-oauth-v2-http-mac-05
>>> and draft-tschofenig-oauth-hotk-03.
>>>
>>> We are getting closer to having all relevant parts published.
>>>
>>> Ciao
>>> Hannes
>>>
>>> On 04/24/2014 05:14 PM, Lewis Adam-CAL022 wrote:
>>>> Hi,
>>>>
>>>> Lots of crypto drafts on OAuth popping up that I need to come up to
>>>> speed on.
>>>>
>>>> draft-bradley-oauth-pop-key-distribution-00
>>>> <http://datatracker.ietf.org/doc/draft-bradley-oauth-pop-key-distribution/>
>>>>
>>>> draft-hunt-oauth-pop-architecture-00
>>>> <http://datatracker.ietf.org/doc/draft-hunt-oauth-pop-architecture/>
>>>>
>>>> draft-jones-oauth-proof-of-possession-00
>>>> <http://datatracker.ietf.org/doc/draft-jones-oauth-proof-of-possession/>
>>>>
>>>> draft-sakimura-oauth-rjwtprof-01
>>>> <http://datatracker.ietf.org/doc/draft-sakimura-oauth-rjwtprof/>
>>>>
>>>> draft-sakimura-oauth-tcse-03
>>>> <http://datatracker.ietf.org/doc/draft-sakimura-oauth-tcse/>
>>>>
>>>> draft-tschofenig-oauth-hotk-03
>>>> <http://datatracker.ietf.org/doc/draft-tschofenig-oauth-hotk/>
>>>>
>>>> Glad to see all the work, but is there a preferred reading order here?
>>>> Which ones build on each other vs. which ones are out there on their
>>>> own?
>>>>
>>>> -adam
>>>>
>>>> _______________________________________________
>>>> OAuth mailing list
>>>> OAuth@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/oauth