Hello Brian and Vittorio,
I have two observations:
* draft-fett-oauth-dpop-04, which is the last version, expired on 5
September 2020,
* the podcast as well as draft-fett-oauth-dpop-04 omit to mention the
client/user collaborative attack against which
draft-fett-oauth-dpop-04 is ineffective.
Denis
PS. The podcast is a nice effort but is far too long (29:37).
The mTLS vs DPoP was good in articulating how the two specs are alike,
how they differ and which particular type of app they are meant to serve.
I'm saying this as a person who is generally allergic to technical
podcasts :)
Maybe every RFC that comes out of this WG should have a podcast link
at the top, where the authors discuss it in simple, honest and
non-speccy terms, because that's often how people are best able to
perceive the spirit and subtleties of some technical or spec work.
Vladimir
On 21/09/2020 09:40, Vittorio Bertocci wrote:
Dear all,
This is an informal mail to inform you that there’s a new podcast,
identityunlocked.com <http://identityunlocked.com/>, dedicated to
inform and explain new identity specs developments for developers.
You can find a more detailed explanation of the podcast’s goals in
https://auth0.com/blog/identity-unlocked-a-podcast-for-developers/,
but the TL;DR is that the specs themselves aren’t all that easy to
read for the non-initiated, and a lot of useful info emerges during
the discussions leading to the spec but rarely surfaces in a usable
form to the people who don’t participate in discussions.
The first episode
<https://auth0.com/blog/identity-unlocked-explained-episode-1/>,
featuring Brian Campbell discussing MTLS & DPoP, should give you an
idea of what season 1 of the show will look like.
The full list of the first run is available here
<https://auth0.com/blog/auth0-launches-identity-unlocked-the-identity-podcast-for-developers/>.
Of 6 episodes, 3 of them are about specifications coming out of this
WG, and all guests are actively involved in the IETF.
My main goals sharing this info here are
* *Letting you know that the podcast exists*, so that you can make
use of it if you so choose (e.g. referring people to it if they
need to better understand something covered in an episode)
* *Soliciting proposals for new episodes*: topics you believe are
currently underserved, topics you are often asked about, topics
you would like to be interviewed about on the show
* *Growing the show’s subscriber base*. I was able to get backing
from my company to produce a podcast that has exactly ZERO
product pitches and is purely about identity specs promotion, on
the gamble that the topic does have an audience finding it
useful. So far the reception has been great, and we need to keep
it up if we want to have a season 2.
I hope you’ll find the initiative useful!
Cheers,
V.