The IESG has received a request from the Web Authorization Protocol WG (oauth) to consider the following document: - 'Cross-Device Flows: Security Best Current Practice' <draft-ietf-oauth-cross-device-security-13.txt> as Best Current Practice
The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the [email protected] mailing lists by 2025-12-16. Exceptionally, comments may be sent to [email protected] instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document describes threats against cross-device flows along with practical mitigations, protocol selection guidance, and a summary of formal analysis results identified as relevant to the security of cross-device flows. It serves as a security guide to system designers, architects, product managers, security specialists, fraud analysts and engineers implementing cross-device flows. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-oauth-cross-device-security/ No IPR declarations have been submitted directly on this I-D. _______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
