This draft of the Cross-Device Flows: Security Best Current Practice incorporates feedback received during IETF last call from Jim Fenton, Bing Liu, Paul Kyzivat and David Mandelberg.
Kind Regards Pieter Kasselman On Mon, Jan 5, 2026 at 12:41 PM <[email protected]> wrote: > Internet-Draft draft-ietf-oauth-cross-device-security-14.txt is now > available. > It is a work item of the Web Authorization Protocol (OAUTH) WG of the IETF. > > Title: Cross-Device Flows: Security Best Current Practice > Authors: Pieter Kasselman > Daniel Fett > Filip Skokan > Name: draft-ietf-oauth-cross-device-security-14.txt > Pages: 67 > Dates: 2026-01-05 > > Abstract: > > This document describes threats against cross-device flows along with > practical mitigations, protocol selection guidance, and a summary of > formal analysis results identified as relevant to the security of > cross-device flows. It serves as a security guide to system > designers, architects, product managers, security specialists, fraud > analysts and engineers implementing cross-device flows. > > The IETF datatracker status page for this Internet-Draft is: > https://datatracker.ietf.org/doc/draft-ietf-oauth-cross-device-security/ > > There is also an HTML version available at: > > https://www.ietf.org/archive/id/draft-ietf-oauth-cross-device-security-14.html > > A diff from the previous version is available at: > > https://author-tools.ietf.org/iddiff?url2=draft-ietf-oauth-cross-device-security-14 > > Internet-Drafts are also available by rsync at: > rsync.ietf.org::internet-drafts > > > _______________________________________________ > OAuth mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
