Re: [OAUTH-WG] I-D Action: draft-ietf-oauth-iss-auth-resp-00.txt

Thu, 07 Jan 2021 04:24:05 -0800 

Hi all,

thank you for your support and the comments/feedback on the draft so far.
The first official WG version does not contain any changes in comparison to our individual draft version -02. 


We would like to ask you for further feedback and comments on the draft.

Best regards,
Karsten

On 06.01.2021 16:27, internet-dra...@ietf.org wrote:

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol WG of the IETF.

         Title           : OAuth 2.0 Authorization Server Issuer Identifier in 
Authorization Response
         Authors         : Karsten Meyer zu Selhausen
                           Daniel Fett
        Filename        : draft-ietf-oauth-iss-auth-resp-00.txt
        Pages           : 10
        Date            : 2021-01-06

Abstract:
    This document specifies a new parameter "iss" that is used to
    explicitly include the issuer identifier of the authorization server
    in the authorization response of an OAuth authorization flow.  If
    implemented correctly, the "iss" parameter serves as an effective
    countermeasure to "mix-up attacks".


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-iss-auth-resp/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-oauth-iss-auth-resp-00.html


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


--
Karsten Meyer zu Selhausen
IT Security Consultant
Phone:  +49 (0)234 / 54456499
Web:    https://hackmanit.de | IT Security Consulting, Penetration Testing, 
Security Training

Nehmen Sie an unserer nächsten Live Online-Schulung zur Sicherheit von OAuth 
und OpenID Connect am 27.01 + 28.01.2021 teil:
https://www.hackmanit.de/de/schulungen/127-live-online-schulung-single-sign-on-sicherheit-oauth-openid-connect-am-27-01-28-01-2021

Hackmanit GmbH
Universitätsstraße 60 (Exzenterhaus)
44789 Bochum

Registergericht: Amtsgericht Bochum, HRB 14896
Geschäftsführer: Prof. Dr. Jörg Schwenk, Prof. Dr. Juraj Somorovsky, Dr. 
Christian Mainka, Dr. Marcus Niemietz

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to