Thanks for the review comments, James. I have just worked on a draft update and incorporated your suggestions. I will submit draft -07 in time for the OAuth WG session tomorrow.
Ciao
Hannes

-----Original Message-----
From: OAuth <oauth-boun...@ietf.org> On Behalf Of Manger, James
Sent: Tuesday, 12 March 2019 06:33
To: oauth@ietf.org
Subject: Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-pop-key-distribution-06.txt

Syntax glitches in draft-ietf-oauth-pop-key-distribution-06:

1. "exp" and "nbf" values should be numbers, not strings, so must not have quotes [Section 4.2.2. "Client-to-AS Response"]

2. h'11' and b64'...' appear in the JSON examples, but should be "..." strings [Section 4.2.2. "Client-to-AS Response", members "kid", "x", "y"]

3. "iss" should be an https URI, such as "https://server.example.com", not "xas.example.com" [Section 4.2.2. "Client-to-AS Response"]. "aud" should probably be https://... as well, not http://....

--
James Manger

-----Original Message-----
From: OAuth <oauth-boun...@ietf.org> On Behalf Of internet-dra...@ietf.org
Sent: Tuesday, 12 March 2019 12:37 AM
To: i-d-annou...@ietf.org
Cc: oauth@ietf.org
Subject: [OAUTH-WG] I-D Action: draft-ietf-oauth-pop-key-distribution-06.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol WG of the IETF.

Title    : OAuth 2.0 Proof-of-Possession: Authorization Server to Client Key Distribution
Authors  : John Bradley
           Phil Hunt
           Michael B. Jones
           Hannes Tschofenig
           Mihaly Meszaros
Filename : draft-ietf-oauth-pop-key-distribution-06.txt
Pages    : 17
Date     : 2019-03-11

Abstract:
RFC 6750 specified the bearer token concept for securing access to protected resources. Bearer tokens need to be protected in transit as well as at rest. When a client requests access to a protected resource it hands-over the bearer token to the resource server. The OAuth 2.0 Proof-of-Possession security concept extends bearer token security and requires the client to demonstrate possession of a key when accessing a protected resource.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-pop-key-distribution/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-oauth-pop-key-distribution-06
https://datatracker.ietf.org/doc/html/draft-ietf-oauth-pop-key-distribution-06

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-pop-key-distribution-06

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
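
A small linter for the three glitches listed in the review, given as an added example that is not part of the original thread or of the draft. The sample JSON is constructed for illustration (only the claim names, `xas.example.com` and `h'11'` come from the review), and `lint_claims` is a hypothetical name.

```python
import json
import re
from urllib.parse import urlsplit

# CBOR diagnostic notation (h'..' hex, b64'..' base64) is not valid JSON.
CBOR_LITERAL = re.compile(r"\b(h|b64)'([^']*)'")
NUMERIC_DATE_CLAIMS = ("exp", "nbf")  # the claims named in the review
URI_CLAIMS = ("iss", "aud")

# Constructed sample that reproduces the kinds of glitch the review describes.
SAMPLE = """{
  "iss": "xas.example.com",
  "aud": "http://rs.example.com",
  "exp": "1361398824",
  "nbf": "1360189224",
  "cnf": {"jwk": {"kty": "EC", "kid": h'11',
                  "x": b64'AAAA', "y": b64'BBBB'}}
}"""

def lint_claims(text):
    """Return a list of findings for a JSON claims example given as text."""
    findings = [f"CBOR literal {m.group(0)} used where a JSON string is required"
                for m in CBOR_LITERAL.finditer(text)]
    # Quote the literals so the rest of the document can still be parsed.
    parseable = CBOR_LITERAL.sub(lambda m: json.dumps(m.group(2)), text)
    try:
        claims = json.loads(parseable)
    except json.JSONDecodeError as err:
        return findings + [f"not parseable as JSON: {err.msg}"]
    if not isinstance(claims, dict):
        return findings + ["top level is not a JSON object"]
    for name in NUMERIC_DATE_CLAIMS:
        value = claims.get(name)
        # bool is a subclass of int in Python, so exclude it explicitly.
        if name in claims and (isinstance(value, bool)
                               or not isinstance(value, (int, float))):
            findings.append(f'"{name}" must be a JSON number, '
                            f"got {type(value).__name__}")
    for name in URI_CLAIMS:
        values = claims.get(name, [])
        # "aud" may be a single string or an array of strings.
        for value in values if isinstance(values, list) else [values]:
            if not isinstance(value, str) or urlsplit(value).scheme != "https":
                findings.append(f'"{name}" should be an https URI, got {value!r}')
    return findings

if __name__ == "__main__":
    for finding in lint_claims(SAMPLE):
        print(finding)
```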